diff options
Diffstat (limited to 'source4')
40 files changed, 1285 insertions, 983 deletions
diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk index d812816a91..f31c2b7279 100644 --- a/source4/auth/ntlm/config.mk +++ b/source4/auth/ntlm/config.mk @@ -70,8 +70,6 @@ auth_unix_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth_unix.o) [SUBSYSTEM::PAM_ERRORS] -$(eval $(call proto_header_template,$(authsrcdir)/ntlm/pam_errors.h,$(auth_unix_OBJ_FILES:.o=.c))) - #VERSION = 0.0.1 #SO_VERSION = 0 PAM_ERRORS_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, pam_errors.o) diff --git a/source4/auth/ntlm/pam_errors.h b/source4/auth/ntlm/pam_errors.h index 904950caa6..959e1f3517 100644 --- a/source4/auth/ntlm/pam_errors.h +++ b/source4/auth/ntlm/pam_errors.h @@ -1,16 +1,26 @@ +/* + * Unix SMB/CIFS implementation. + * PAM error mapping functions + * Copyright (C) Andrew Bartlett 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + #ifndef __AUTH_NTLM_PAM_ERRORS_H__ #define __AUTH_NTLM_PAM_ERRORS_H__ -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) -/* This file was automatically generated by mkproto.pl. DO NOT EDIT */ - -/* this file contains prototypes for functions that are private - * to this subsystem or library. These functions should not be - * used outside this particular subsystem! */ - - -/* The following definitions come from auth/ntlm/pam_errors.c */ +/* The following definitions come from auth/pam_errors.c */ /***************************************************************************** @@ -32,8 +42,6 @@ NTSTATUS pam_to_nt_status(int pam_error); convert an NT status32 code to a PAM error *****************************************************************************/ int nt_status_to_pam(NTSTATUS nt_status); -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) #endif /* __AUTH_NTLM_PAM_ERRORS_H__ */ diff --git a/source4/auth/ntlmssp/config.mk b/source4/auth/ntlmssp/config.mk index ca58e28a24..129f58de83 100644 --- a/source4/auth/ntlmssp/config.mk +++ b/source4/auth/ntlmssp/config.mk @@ -2,7 +2,7 @@ MSRPC_PARSE_OBJ_FILES = $(addprefix $(authsrcdir)/ntlmssp/, ntlmssp_parse.o) -$(eval $(call proto_header_template,$(authsrcdir)/ntlmssp/msrpc_parse.h,$(MSRPC_PARSE_OBJ_FILES))) +$(eval $(call proto_header_template,$(authsrcdir)/ntlmssp/msrpc_parse.h,$(MSRPC_PARSE_OBJ_FILES:.o=.c))) ################################################ # Start MODULE gensec_ntlmssp diff --git a/source4/build/smb_build/main.pl b/source4/build/smb_build/main.pl index 3ff34eedcf..b31bfaa1f2 100644 --- a/source4/build/smb_build/main.pl +++ b/source4/build/smb_build/main.pl @@ -55,6 +55,7 @@ my $mkenv = new smb_build::makefile(\%config::config, $mkfile); my $shared_libs_used = 0; foreach my $key (values %$OUTPUT) { + next if ($key->{ENABLE} ne "YES"); push(@{$mkenv->{all_objs}}, "\$($key->{NAME}_OBJ_FILES)"); } diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index a524a6f8bd..b2a034d5a4 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -4,6 +4,7 @@ CLDAP server - netlogon handling Copyright (C) Andrew Tridgell 2005 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,25 +29,27 @@ #include "cldap_server/cldap_server.h" #include "librpc/gen_ndr/ndr_misc.h" #include "libcli/ldap/ldap_ndr.h" +#include "libcli/security/security.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "ldb_wrap.h" #include "system/network.h" #include "lib/socket/netif.h" #include "param/param.h" - /* fill in the cldap netlogon union for a given version */ -static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, - TALLOC_CTX *mem_ctx, - const char *domain, - const char *domain_guid, - const char *user, - const char *src_address, - uint32_t version, - struct loadparm_context *lp_ctx, - union nbt_cldap_netlogon *netlogon) +NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, + TALLOC_CTX *mem_ctx, + const char *domain, + const char *netbios_domain, + struct dom_sid *domain_sid, + const char *domain_guid, + const char *user, + const char *src_address, + uint32_t version, + struct loadparm_context *lp_ctx, + struct netlogon_samlogon_response *netlogon) { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; @@ -66,7 +69,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, struct ldb_dn *partitions_basedn; struct interface *ifaces; - partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); + partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx); /* the domain has an optional trailing . */ if (domain && domain[strlen(domain)-1] == '.') { @@ -77,7 +80,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, struct ldb_dn *dom_dn; /* try and find the domain */ - ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res, + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res, partitions_basedn, LDB_SCOPE_ONELEVEL, ref_attrs, "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", @@ -86,19 +89,19 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", domain, - ldb_errstring(cldapd->samctx))); + ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (ref_res->count == 1) { talloc_steal(mem_ctx, dom_res); - dom_dn = ldb_msg_find_attr_as_dn(cldapd->samctx, mem_ctx, ref_res->msgs[0], "ncName"); + dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName"); if (!dom_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } - ret = ldb_search(cldapd->samctx, dom_dn, + ret = ldb_search(sam_ctx, dom_dn, LDB_SCOPE_BASE, "objectClass=domain", dom_attrs, &dom_res); if (ret != LDB_SUCCESS) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx))); + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } talloc_steal(mem_ctx, dom_res); @@ -112,23 +115,70 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } } - if ((dom_res == NULL || dom_res->count == 0) && domain_guid) { + if (netbios_domain) { + struct ldb_dn *dom_dn; + /* try and find the domain */ + + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res, + partitions_basedn, LDB_SCOPE_ONELEVEL, + ref_attrs, + "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))", + netbios_domain); + + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", + netbios_domain, + ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } else if (ref_res->count == 1) { + talloc_steal(mem_ctx, dom_res); + dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName"); + if (!dom_dn) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + ret = ldb_search(sam_ctx, dom_dn, + LDB_SCOPE_BASE, "objectClass=domain", + dom_attrs, &dom_res); + if (ret != LDB_SUCCESS) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + talloc_steal(mem_ctx, dom_res); + if (dom_res->count != 1) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } else if (ref_res->count > 1) { + talloc_free(ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } + + if ((dom_res == NULL || dom_res->count == 0) && (domain_guid || domain_sid)) { ref_res = NULL; - ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &dom_res, - NULL, LDB_SCOPE_SUBTREE, - dom_attrs, - "(&(objectClass=domainDNS)(objectGUID=%s))", - domain_guid); + if (domain_guid) { + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, + dom_attrs, + "(&(objectClass=domainDNS)(objectGUID=%s))", + domain_guid); + } else { /* domain_sid case */ + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, + dom_attrs, + "(&(objectClass=domainDNS)(objectSID=%s))", + dom_sid_string(mem_ctx, domain_sid)); + } if (ret != LDB_SUCCESS) { - DEBUG(2,("Unable to find referece to GUID '%s' in sam: %s\n", - domain_guid, - ldb_errstring(cldapd->samctx))); + DEBUG(2,("Unable to find referece to GUID '%s' or SID %s in sam: %s\n", + domain_guid, dom_sid_string(mem_ctx, domain_sid), + ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (dom_res->count == 1) { /* try and find the domain */ - ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res, + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res, partitions_basedn, LDB_SCOPE_ONELEVEL, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", @@ -137,7 +187,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", ldb_dn_get_linearized(dom_res->msgs[0]->dn), - ldb_errstring(cldapd->samctx))); + ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (ref_res->count != 1) { @@ -166,11 +216,11 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; - if (samdb_is_pdc(cldapd->samctx)) { + if (samdb_is_pdc(sam_ctx)) { server_type |= NBT_SERVER_PDC; } - if (samdb_is_gc(cldapd->samctx)) { + if (samdb_is_gc(sam_ctx)) { server_type |= NBT_SERVER_GC; } @@ -200,68 +250,77 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, ZERO_STRUCTP(netlogon); - switch (version & 0xF) { - case 0: - case 1: - netlogon->logon1.type = (user?19+2:19); - netlogon->logon1.pdc_name = pdc_name; - netlogon->logon1.user_name = user; - netlogon->logon1.domain_name = flatname; - netlogon->logon1.nt_version = 1; - netlogon->logon1.lmnt_token = 0xFFFF; - netlogon->logon1.lm20_token = 0xFFFF; - break; - case 2: - case 3: - netlogon->logon3.type = (user?19+2:19); - netlogon->logon3.pdc_name = pdc_name; - netlogon->logon3.user_name = user; - netlogon->logon3.domain_name = flatname; - netlogon->logon3.domain_uuid = domain_uuid; - netlogon->logon3.forest = realm; - netlogon->logon3.dns_domain = dns_domain; - netlogon->logon3.pdc_dns_name = pdc_dns_name; - netlogon->logon3.pdc_ip = pdc_ip; - netlogon->logon3.server_type = server_type; - netlogon->logon3.lmnt_token = 0xFFFF; - netlogon->logon3.lm20_token = 0xFFFF; - break; - case 4: - case 5: - case 6: - case 7: - netlogon->logon5.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); - netlogon->logon5.server_type = server_type; - netlogon->logon5.domain_uuid = domain_uuid; - netlogon->logon5.forest = realm; - netlogon->logon5.dns_domain = dns_domain; - netlogon->logon5.pdc_dns_name = pdc_dns_name; - netlogon->logon5.domain = flatname; - netlogon->logon5.pdc_name = lp_netbios_name(lp_ctx); - netlogon->logon5.user_name = user; - netlogon->logon5.server_site = server_site; - netlogon->logon5.client_site = client_site; - netlogon->logon5.lmnt_token = 0xFFFF; - netlogon->logon5.lm20_token = 0xFFFF; - break; - default: - netlogon->logon13.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); - netlogon->logon13.server_type = server_type; - netlogon->logon13.domain_uuid = domain_uuid; - netlogon->logon13.forest = realm; - netlogon->logon13.dns_domain = dns_domain; - netlogon->logon13.pdc_dns_name = pdc_dns_name; - netlogon->logon13.domain = flatname; - netlogon->logon13.pdc_name = lp_netbios_name(lp_ctx); - netlogon->logon13.user_name = user; - netlogon->logon13.server_site = server_site; - netlogon->logon13.client_site = client_site; - netlogon->logon13.unknown = 10; - netlogon->logon13.unknown2 = 2; - netlogon->logon13.pdc_ip = pdc_ip; - netlogon->logon13.lmnt_token = 0xFFFF; - netlogon->logon13.lm20_token = 0xFFFF; - break; + if (version & NETLOGON_NT_VERSION_5EX) { + uint32_t extra_flags = 0; + netlogon->ntver = NETLOGON_NT_VERSION_5EX; + + /* could check if the user exists */ + if (!user) { + user = ""; + netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; + } else { + netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; + } + netlogon->nt5_ex.server_type = server_type; + netlogon->nt5_ex.domain_uuid = domain_uuid; + netlogon->nt5_ex.forest = realm; + netlogon->nt5_ex.dns_domain = dns_domain; + netlogon->nt5_ex.pdc_dns_name = pdc_dns_name; + netlogon->nt5_ex.domain = flatname; + netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx); + netlogon->nt5_ex.user_name = user; + netlogon->nt5_ex.server_site = server_site; + netlogon->nt5_ex.client_site = client_site; + + if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { + /* Clearly this needs to be fixed up for IPv6 */ + extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; + netlogon->nt5_ex.sockaddr.sa_family = 2; + netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; + netlogon->nt5_ex.sockaddr.remaining = data_blob(NULL, 4); + } + netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; + netlogon->nt5_ex.lmnt_token = 0xFFFF; + netlogon->nt5_ex.lm20_token = 0xFFFF; + + } else if (version & NETLOGON_NT_VERSION_5) { + netlogon->ntver = NETLOGON_NT_VERSION_5; + + /* could check if the user exists */ + if (!user) { + user = ""; + netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; + } else { + netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; + } + netlogon->nt5.pdc_name = pdc_name; + netlogon->nt5.user_name = user; + netlogon->nt5.domain_name = flatname; + netlogon->nt5.domain_uuid = domain_uuid; + netlogon->nt5.forest = realm; + netlogon->nt5.dns_domain = dns_domain; + netlogon->nt5.pdc_dns_name = pdc_dns_name; + netlogon->nt5.pdc_ip = pdc_ip; + netlogon->nt5.server_type = server_type; + netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; + netlogon->nt5.lmnt_token = 0xFFFF; + netlogon->nt5.lm20_token = 0xFFFF; + + } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { + netlogon->ntver = NETLOGON_NT_VERSION_1; + /* could check if the user exists */ + if (!user) { + user = ""; + netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; + } else { + netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; + } + netlogon->nt4.server = pdc_name; + netlogon->nt4.user_name = user; + netlogon->nt4.domain = flatname; + netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1; + netlogon->nt4.lmnt_token = 0xFFFF; + netlogon->nt4.lm20_token = 0xFFFF; } return NT_STATUS_OK; @@ -285,7 +344,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, const char *domain_sid = NULL; int acct_control = -1; int version = -1; - union nbt_cldap_netlogon netlogon; + struct netlogon_samlogon_response netlogon; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; TALLOC_CTX *tmp_ctx = talloc_new(cldap); @@ -346,9 +405,9 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", domain, host, user, version, domain_guid)); - status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid, - user, src->addr, - version, cldapd->task->lp_ctx, &netlogon); + status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid, + user, src->addr, + version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 6b94f19cb5..18e981f7be 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -229,6 +229,14 @@ fail: return ldb_dn_canonical_ex_string($self, $self); } #ifdef SWIGPYTHON + char *__repr__(void) + { + char *dn = ldb_dn_get_linearized($self), *ret; + asprintf(&ret, "Dn('%s')", dn); + talloc_free(dn); + return ret; + } + ldb_dn *__add__(ldb_dn *other) { ldb_dn *ret = ldb_dn_copy(NULL, $self); @@ -376,6 +384,9 @@ typedef struct ldb_message_element { raise KeyError("no such value") return ret + def __repr__(self): + return "MessageElement([%s])" % (",".join(repr(x) for x in self.__set__())) + def __eq__(self, other): if (len(self) == 1 and self.get(0) == other): return True @@ -400,17 +411,22 @@ typedef struct ldb_message_element { else $result = SWIG_NewPointerObj($1, SWIGTYPE_p_ldb_message_element, 0); } -%rename(__getitem__) ldb_message::find_element; //%typemap(out) ldb_msg_element *; %inline { PyObject *ldb_msg_list_elements(ldb_msg *msg) { - int i; - PyObject *obj = PyList_New(msg->num_elements); - for (i = 0; i < msg->num_elements; i++) - PyList_SetItem(obj, i, PyString_FromString(msg->elements[i].name)); + int i, j = 0; + PyObject *obj = PyList_New(msg->num_elements+(msg->dn != NULL?1:0)); + if (msg->dn != NULL) { + PyList_SetItem(obj, j, PyString_FromString("dn")); + j++; + } + for (i = 0; i < msg->num_elements; i++) { + PyList_SetItem(obj, j, PyString_FromString(msg->elements[i].name)); + j++; + } return obj; } } @@ -466,6 +482,28 @@ typedef struct ldb_message { } #endif void remove_attr(const char *name); +%pythoncode { + def get(self, key, default=None): + if key == "dn": + return self.dn + return self.find_element(key) + + def __getitem__(self, key): + ret = self.get(key, None) + if ret is None: + raise KeyError("No such element") + return ret + + def iteritems(self): + for k in self.keys(): + yield k, self[k] + + def items(self): + return list(self.iteritems()) + + def __repr__(self): + return "Message(%s)" % repr(dict(self.iteritems())) +} } } ldb_msg; @@ -743,6 +781,12 @@ typedef struct ldb_context { return PyObject_GetIter(list); } + char *__repr__(void) + { + char *ret; + asprintf(&ret, "<ldb connection at 0x%x>", ret); + return ret; + } #endif } %pythoncode { @@ -753,6 +797,8 @@ typedef struct ldb_context { def search(self, base=None, scope=SCOPE_DEFAULT, expression=None, attrs=None, controls=None): + if not (attrs is None or isinstance(attrs, list)): + raise TypeError("attributes not a list") parsed_controls = None if controls is not None: parsed_controls = self.parse_control_strings(controls) diff --git a/source4/lib/ldb/ldb.py b/source4/lib/ldb/ldb.py index b148782c63..e9f4055fbf 100644 --- a/source4/lib/ldb/ldb.py +++ b/source4/lib/ldb/ldb.py @@ -68,7 +68,6 @@ CHANGETYPE_MODIFY = _ldb.CHANGETYPE_MODIFY ldb_val_to_py_object = _ldb.ldb_val_to_py_object class Dn(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') - __repr__ = _swig_repr def __init__(self, *args, **kwargs): _ldb.Dn_swiginit(self,_ldb.new_Dn(*args, **kwargs)) __swig_destroy__ = _ldb.delete_Dn @@ -93,6 +92,7 @@ Dn.add_child = new_instancemethod(_ldb.Dn_add_child,None,Dn) Dn.add_base = new_instancemethod(_ldb.Dn_add_base,None,Dn) Dn.canonical_str = new_instancemethod(_ldb.Dn_canonical_str,None,Dn) Dn.canonical_ex_str = new_instancemethod(_ldb.Dn_canonical_ex_str,None,Dn) +Dn.__repr__ = new_instancemethod(_ldb.Dn___repr__,None,Dn) Dn.__add__ = new_instancemethod(_ldb.Dn___add__,None,Dn) Dn_swigregister = _ldb.Dn_swigregister Dn_swigregister(Dn) @@ -108,6 +108,9 @@ class ldb_msg_element(object): raise KeyError("no such value") return ret + def __repr__(self): + return "MessageElement([%s])" % (",".join(repr(x) for x in self.__set__())) + def __eq__(self, other): if (len(self) == 1 and self.get(0) == other): return True @@ -139,7 +142,28 @@ class Message(object): def __init__(self, *args, **kwargs): _ldb.Message_swiginit(self,_ldb.new_Message(*args, **kwargs)) __swig_destroy__ = _ldb.delete_Message -Message.__getitem__ = new_instancemethod(_ldb.Message___getitem__,None,Message) + def get(self, key, default=None): + if key == "dn": + return self.dn + return self.find_element(key) + + def __getitem__(self, key): + ret = self.get(key, None) + if ret is None: + raise KeyError("No such element") + return ret + + def iteritems(self): + for k in self.keys(): + yield k, self[k] + + def items(self): + return list(self.iteritems()) + + def __repr__(self): + return "Message(%s)" % repr(dict(self.iteritems())) + +Message.find_element = new_instancemethod(_ldb.Message_find_element,None,Message) Message.__setitem__ = new_instancemethod(_ldb.Message___setitem__,None,Message) Message.__len__ = new_instancemethod(_ldb.Message___len__,None,Message) Message.keys = new_instancemethod(_ldb.Message_keys,None,Message) @@ -191,7 +215,6 @@ LDB_ERR_AFFECTS_MULTIPLE_DSAS = _ldb.LDB_ERR_AFFECTS_MULTIPLE_DSAS LDB_ERR_OTHER = _ldb.LDB_ERR_OTHER class Ldb(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') - __repr__ = _swig_repr def __init__(self, *args, **kwargs): _ldb.Ldb_swiginit(self,_ldb.new_Ldb(*args, **kwargs)) __swig_destroy__ = _ldb.delete_Ldb @@ -202,6 +225,8 @@ class Ldb(object): def search(self, base=None, scope=SCOPE_DEFAULT, expression=None, attrs=None, controls=None): + if not (attrs is None or isinstance(attrs, list)): + raise TypeError("attributes not a list") parsed_controls = None if controls is not None: parsed_controls = self.parse_control_strings(controls) @@ -234,6 +259,7 @@ Ldb.schema_attribute_add = new_instancemethod(_ldb.Ldb_schema_attribute_add,None Ldb.setup_wellknown_attributes = new_instancemethod(_ldb.Ldb_setup_wellknown_attributes,None,Ldb) Ldb.__contains__ = new_instancemethod(_ldb.Ldb___contains__,None,Ldb) Ldb.parse_ldif = new_instancemethod(_ldb.Ldb_parse_ldif,None,Ldb) +Ldb.__repr__ = new_instancemethod(_ldb.Ldb___repr__,None,Ldb) Ldb_swigregister = _ldb.Ldb_swigregister Ldb_swigregister(Ldb) diff --git a/source4/lib/ldb/ldb_wrap.c b/source4/lib/ldb/ldb_wrap.c index 390652eebe..d787266416 100644 --- a/source4/lib/ldb/ldb_wrap.c +++ b/source4/lib/ldb/ldb_wrap.c @@ -2719,6 +2719,12 @@ SWIGINTERN char const *ldb_dn_canonical_str(ldb_dn *self){ SWIGINTERN char const *ldb_dn_canonical_ex_str(ldb_dn *self){ return ldb_dn_canonical_ex_string(self, self); } +SWIGINTERN char *ldb_dn___repr__(ldb_dn *self){ + char *dn = ldb_dn_get_linearized(self), *ret; + asprintf(&ret, "Dn('%s')", dn); + talloc_free(dn); + return ret; + } SWIGINTERN ldb_dn *ldb_dn___add__(ldb_dn *self,ldb_dn *other){ ldb_dn *ret = ldb_dn_copy(NULL, self); ldb_dn_add_child(ret, other); @@ -2970,10 +2976,16 @@ SWIGINTERN void delete_ldb_msg_element(ldb_msg_element *self){ talloc_free(self) PyObject *ldb_msg_list_elements(ldb_msg *msg) { - int i; - PyObject *obj = PyList_New(msg->num_elements); - for (i = 0; i < msg->num_elements; i++) - PyList_SetItem(obj, i, PyString_FromString(msg->elements[i].name)); + int i, j = 0; + PyObject *obj = PyList_New(msg->num_elements+(msg->dn != NULL?1:0)); + if (msg->dn != NULL) { + PyList_SetItem(obj, j, PyString_FromString("dn")); + j++; + } + for (i = 0; i < msg->num_elements; i++) { + PyList_SetItem(obj, j, PyString_FromString(msg->elements[i].name)); + j++; + } return obj; } @@ -3188,6 +3200,11 @@ SWIGINTERN PyObject *ldb_parse_ldif(ldb *self,char const *s){ } return PyObject_GetIter(list); } +SWIGINTERN char *ldb___repr__(ldb *self){ + char *ret; + asprintf(&ret, "<ldb connection at 0x%x>", ret); + return ret; + } static char *timestring(time_t t) { @@ -3678,6 +3695,29 @@ fail: } +SWIGINTERN PyObject *_wrap_Dn___repr__(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + ldb_dn *arg1 = (ldb_dn *) 0 ; + char *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_ldb_dn, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Dn___repr__" "', argument " "1"" of type '" "ldb_dn *""'"); + } + arg1 = (ldb_dn *)(argp1); + result = (char *)ldb_dn___repr__(arg1); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Dn___add__(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; ldb_dn *arg1 = (ldb_dn *) 0 ; @@ -4074,7 +4114,7 @@ fail: } -SWIGINTERN PyObject *_wrap_Message___getitem__(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { +SWIGINTERN PyObject *_wrap_Message_find_element(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; ldb_msg *arg1 = (ldb_msg *) 0 ; char *arg2 = (char *) 0 ; @@ -4090,15 +4130,15 @@ SWIGINTERN PyObject *_wrap_Message___getitem__(PyObject *SWIGUNUSEDPARM(self), P (char *) "self",(char *) "name", NULL }; - if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"OO:Message___getitem__",kwnames,&obj0,&obj1)) SWIG_fail; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"OO:Message_find_element",kwnames,&obj0,&obj1)) SWIG_fail; res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_ldb_message, 0 | 0 ); if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Message___getitem__" "', argument " "1"" of type '" "ldb_msg *""'"); + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Message_find_element" "', argument " "1"" of type '" "ldb_msg *""'"); } arg1 = (ldb_msg *)(argp1); res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Message___getitem__" "', argument " "2"" of type '" "char const *""'"); + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Message_find_element" "', argument " "2"" of type '" "char const *""'"); } arg2 = (char *)(buf2); if (arg1 == NULL) @@ -5538,6 +5578,32 @@ fail: } +SWIGINTERN PyObject *_wrap_Ldb___repr__(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + ldb *arg1 = (ldb *) 0 ; + char *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_ldb_context, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Ldb___repr__" "', argument " "1"" of type '" "ldb *""'"); + } + arg1 = (ldb *)(argp1); + if (arg1 == NULL) + SWIG_exception(SWIG_ValueError, + "ldb context must be non-NULL"); + result = (char *)ldb___repr__(arg1); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *Ldb_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *obj; if (!SWIG_Python_UnpackTuple(args,(char*)"swigregister", 1, 1,&obj)) return NULL; @@ -5673,6 +5739,7 @@ static PyMethodDef SwigMethods[] = { { (char *)"Dn_add_base", (PyCFunction) _wrap_Dn_add_base, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Dn_canonical_str", (PyCFunction)_wrap_Dn_canonical_str, METH_O, NULL}, { (char *)"Dn_canonical_ex_str", (PyCFunction)_wrap_Dn_canonical_ex_str, METH_O, NULL}, + { (char *)"Dn___repr__", (PyCFunction)_wrap_Dn___repr__, METH_O, NULL}, { (char *)"Dn___add__", (PyCFunction) _wrap_Dn___add__, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Dn_swigregister", Dn_swigregister, METH_VARARGS, NULL}, { (char *)"Dn_swiginit", Dn_swiginit, METH_VARARGS, NULL}, @@ -5689,7 +5756,7 @@ static PyMethodDef SwigMethods[] = { { (char *)"Message_dn_get", (PyCFunction)_wrap_Message_dn_get, METH_O, NULL}, { (char *)"new_Message", (PyCFunction) _wrap_new_Message, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"delete_Message", (PyCFunction)_wrap_delete_Message, METH_O, NULL}, - { (char *)"Message___getitem__", (PyCFunction) _wrap_Message___getitem__, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Message_find_element", (PyCFunction) _wrap_Message_find_element, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Message___setitem__", _wrap_Message___setitem__, METH_VARARGS, NULL}, { (char *)"Message___len__", (PyCFunction)_wrap_Message___len__, METH_O, NULL}, { (char *)"Message_keys", (PyCFunction)_wrap_Message_keys, METH_O, NULL}, @@ -5726,6 +5793,7 @@ static PyMethodDef SwigMethods[] = { { (char *)"Ldb_setup_wellknown_attributes", (PyCFunction)_wrap_Ldb_setup_wellknown_attributes, METH_O, NULL}, { (char *)"Ldb___contains__", (PyCFunction) _wrap_Ldb___contains__, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Ldb_parse_ldif", (PyCFunction) _wrap_Ldb_parse_ldif, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Ldb___repr__", (PyCFunction)_wrap_Ldb___repr__, METH_O, NULL}, { (char *)"Ldb_swigregister", Ldb_swigregister, METH_VARARGS, NULL}, { (char *)"Ldb_swiginit", Ldb_swiginit, METH_VARARGS, NULL}, { (char *)"valid_attr_name", (PyCFunction) _wrap_valid_attr_name, METH_VARARGS | METH_KEYWORDS, NULL}, diff --git a/source4/lib/ldb/tests/python/api.py b/source4/lib/ldb/tests/python/api.py index 5f3f727b5d..1ae3fde744 100755 --- a/source4/lib/ldb/tests/python/api.py +++ b/source4/lib/ldb/tests/python/api.py @@ -36,6 +36,10 @@ class SimpleLdb(unittest.TestCase): x = ldb.Ldb() x.connect("foo.tdb") + def test_repr(self): + x = ldb.Ldb() + self.assertTrue(repr(x).startswith("<ldb connection")) + def test_set_create_perms(self): x = ldb.Ldb() x.set_create_perms(0600) @@ -60,6 +64,10 @@ class SimpleLdb(unittest.TestCase): l = ldb.Ldb("foo.tdb") self.assertEquals(len(l.search("", ldb.SCOPE_SUBTREE, "(dc=*)", ["dc"])), 0) + def test_search_attr_string(self): + l = ldb.Ldb("foo.tdb") + self.assertRaises(TypeError, l.search, attrs="dc") + def test_opaque(self): l = ldb.Ldb("foo.tdb") l.set_opaque("my_opaque", l) @@ -257,6 +265,10 @@ class DnTests(unittest.TestCase): x = ldb.Dn(self.ldb, "dc=foo,bar=bloe") self.assertEquals(x.__str__(), "dc=foo,bar=bloe") + def test_repr(self): + x = ldb.Dn(self.ldb, "dc=foo,bla=blie") + self.assertEquals(x.__repr__(), "Dn('dc=foo,bla=blie')") + def test_get_casefold(self): x = ldb.Dn(self.ldb, "dc=foo,bar=bloe") self.assertEquals(x.get_casefold(), "DC=FOO,BAR=bloe") @@ -347,6 +359,16 @@ class LdbMsgTests(unittest.TestCase): self.msg = ldb.Message(ldb.Dn(ldb.Ldb(), "dc=foo")) self.assertEquals("dc=foo", str(self.msg.dn)) + def test_iter_items(self): + self.assertEquals(0, len(self.msg.items())) + self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "dc=foo") + self.assertEquals(1, len(self.msg.items())) + + def test_repr(self): + self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "dc=foo") + self.msg["dc"] = "foo" + self.assertEquals("Message({'dn': Dn('dc=foo'), 'dc': MessageElement(['foo'])})", repr(self.msg)) + def test_len(self): self.assertEquals(0, len(self.msg)) @@ -374,14 +396,26 @@ class LdbMsgTests(unittest.TestCase): self.assertEquals(["bar"], list(self.msg["foo"])) def test_keys(self): + self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "@BASEINFO") self.msg["foo"] = ["bla"] self.msg["bar"] = ["bla"] - self.assertEquals(["foo", "bar"], self.msg.keys()) + self.assertEquals(["dn", "foo", "bar"], self.msg.keys()) def test_dn(self): self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "@BASEINFO") self.assertEquals("@BASEINFO", self.msg.dn.__str__()) + def test_get_dn(self): + self.msg.dn = ldb.Dn(ldb.Ldb("foo.tdb"), "@BASEINFO") + self.assertEquals("@BASEINFO", self.msg.get("dn").__str__()) + + def test_get_other(self): + self.msg["foo"] = ["bar"] + self.assertEquals("bar", self.msg.get("foo")[0]) + + def test_get_unknown(self): + self.assertRaises(KeyError, self.msg.get, "lalalala") + class MessageElementTests(unittest.TestCase): def test_cmp_element(self): @@ -395,6 +429,12 @@ class MessageElementTests(unittest.TestCase): x = ldb.MessageElement(["foo"]) self.assertEquals(["foo"], list(x)) + def test_repr(self): + x = ldb.MessageElement(["foo"]) + self.assertEquals("MessageElement(['foo'])", repr(x)) + x = ldb.MessageElement(["foo", "bla"]) + self.assertEquals("MessageElement(['foo','bla'])", repr(x)) + def test_get_item(self): x = ldb.MessageElement(["foo", "bar"]) self.assertEquals("foo", x[0]) diff --git a/source4/lib/ldb/tools/ad2oLschema.c b/source4/lib/ldb/tools/ad2oLschema.c index 67b16dd06e..0a89656fa2 100644 --- a/source4/lib/ldb/tools/ad2oLschema.c +++ b/source4/lib/ldb/tools/ad2oLschema.c @@ -429,7 +429,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ /* We might have been asked to remap this oid, * due to a conflict, or lack of * implementation */ - for (j=0; syntax_oid && oid_map[j].old_oid; j++) { + for (j=0; syntax_oid && oid_map && oid_map[j].old_oid; j++) { if (strcasecmp(syntax_oid, oid_map[j].old_oid) == 0) { syntax_oid = oid_map[j].new_oid; break; @@ -494,7 +494,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } /* We might have been asked to remap this oid, due to a conflict */ - for (j=0; oid_map[j].old_oid; j++) { + for (j=0; oid_map && oid_map[j].old_oid; j++) { if (strcasecmp(oid, oid_map[j].old_oid) == 0) { oid = oid_map[j].new_oid; break; diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index 19284461ee..e7b654894f 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -1085,8 +1085,14 @@ void irpc_remove_name(struct messaging_context *msg_ctx, const char *name) return; } rec = tdb_fetch_bystring(t->tdb, name); + if (rec.dptr == NULL) { + tdb_unlock_bystring(t->tdb, name); + talloc_free(t); + return; + } count = rec.dsize / sizeof(struct server_id); if (count == 0) { + free(rec.dptr); tdb_unlock_bystring(t->tdb, name); talloc_free(t); return; diff --git a/source4/lib/tdb/configure.ac b/source4/lib/tdb/configure.ac index 9b16a82c33..eaf70d30b4 100644 --- a/source4/lib/tdb/configure.ac +++ b/source4/lib/tdb/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.50) AC_DEFUN([SMB_MODULE_DEFAULT], [echo -n ""]) AC_DEFUN([SMB_LIBRARY_ENABLE], [echo -n ""]) AC_DEFUN([SMB_ENABLE], [echo -n ""]) -AC_INIT(tdb, 1.1.1) +AC_INIT(tdb, 1.1.2) AC_CONFIG_SRCDIR([common/tdb.c]) AC_CONFIG_HEADER(include/config.h) AC_LIBREPLACE_ALL_CHECKS diff --git a/source4/lib/tdb/python/tests/simple.py b/source4/lib/tdb/python/tests/simple.py index 94407b6398..7147718c91 100644 --- a/source4/lib/tdb/python/tests/simple.py +++ b/source4/lib/tdb/python/tests/simple.py @@ -3,8 +3,8 @@ # Note that this tests the interface of the Python bindings # It does not test tdb itself. # -# Copyright (C) 2007 Jelmer Vernooij <jelmer@samba.org> -# Published under the GNU LGPL +# Copyright (C) 2007-2008 Jelmer Vernooij <jelmer@samba.org> +# Published under the GNU LGPLv3 or later import tdb from unittest import TestCase @@ -25,6 +25,9 @@ class SimpleTdbTests(TestCase): def tearDown(self): del self.tdb + def test_repr(self): + self.assertTrue(repr(self.tdb).startswith("Tdb('")) + def test_lockall(self): self.tdb.lock_all() diff --git a/source4/lib/tdb/tdb.i b/source4/lib/tdb/tdb.i index c82d2d0a6d..704f0facc6 100644 --- a/source4/lib/tdb/tdb.i +++ b/source4/lib/tdb/tdb.i @@ -182,8 +182,8 @@ typedef struct tdb_context { } %pythoncode { - def __str__(self): - return self.name() + def __repr__(self): + return "Tdb('%s')" % self.name() # Random access to keys, values def __getitem__(self, key): diff --git a/source4/lib/tdb/tdb.mk b/source4/lib/tdb/tdb.mk index c91b1289cb..fa8db6d34c 100644 --- a/source4/lib/tdb/tdb.mk +++ b/source4/lib/tdb/tdb.mk @@ -50,7 +50,7 @@ install-python:: build-python cp $(tdbdir)/tdb.py $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(0, prefix='$(prefix)')"` cp _tdb.$(SHLIBEXT) $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1, prefix='$(prefix)')"` -check-python:: build-python +check-python:: build-python $(TDB_SONAME) $(LIB_PATH_VAR)=. PYTHONPATH=".:$(tdbdir)" $(PYTHON) $(tdbdir)/python/tests/simple.py install-swig:: diff --git a/source4/lib/tdb/tdb.py b/source4/lib/tdb/tdb.py index 0effa3ff98..eb76ca6459 100644 --- a/source4/lib/tdb/tdb.py +++ b/source4/lib/tdb/tdb.py @@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.33 +# Version 1.3.35 # # Don't modify this file, modify the SWIG interface instead. @@ -80,11 +80,11 @@ TDB_ERR_EINVAL = _tdb.TDB_ERR_EINVAL TDB_ERR_RDONLY = _tdb.TDB_ERR_RDONLY class tdb(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') - def __init__(self): raise AttributeError, "No constructor defined" + def __init__(self, *args, **kwargs): raise AttributeError, "No constructor defined" __repr__ = _swig_repr __swig_destroy__ = _tdb.delete_tdb - def __str__(self): - return self.name() + def __repr__(self): + return "Tdb('%s')" % self.name() def __getitem__(self, key): diff --git a/source4/lib/tdb/tdb_wrap.c b/source4/lib/tdb/tdb_wrap.c index 6a5b7feffc..f36d569937 100644 --- a/source4/lib/tdb/tdb_wrap.c +++ b/source4/lib/tdb/tdb_wrap.c @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). - * Version 1.3.33 + * Version 1.3.35 * * This file is not intended to be easily readable and contains a number of * coding conventions designed to improve portability and efficiency. Do not make @@ -126,7 +126,7 @@ /* This should only be incremented when either the layout of swig_type_info changes, or for whatever reason, the runtime changes incompatibly */ -#define SWIG_RUNTIME_VERSION "3" +#define SWIG_RUNTIME_VERSION "4" /* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */ #ifdef SWIG_TYPE_TABLE @@ -161,6 +161,7 @@ /* Flags for pointer conversions */ #define SWIG_POINTER_DISOWN 0x1 +#define SWIG_CAST_NEW_MEMORY 0x2 /* Flags for new pointer objects */ #define SWIG_POINTER_OWN 0x1 @@ -301,10 +302,10 @@ SWIGINTERNINLINE int SWIG_CheckState(int r) { extern "C" { #endif -typedef void *(*swig_converter_func)(void *); +typedef void *(*swig_converter_func)(void *, int *); typedef struct swig_type_info *(*swig_dycast_func)(void **); -/* Structure to store inforomation on one type */ +/* Structure to store information on one type */ typedef struct swig_type_info { const char *name; /* mangled name of this type */ const char *str; /* human readable name of this type */ @@ -431,8 +432,8 @@ SWIG_TypeCheckStruct(swig_type_info *from, swig_type_info *into) { Cast a pointer up an inheritance hierarchy */ SWIGRUNTIMEINLINE void * -SWIG_TypeCast(swig_cast_info *ty, void *ptr) { - return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr); +SWIG_TypeCast(swig_cast_info *ty, void *ptr, int *newmemory) { + return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr, newmemory); } /* @@ -856,7 +857,7 @@ SWIG_Python_AddErrorMsg(const char* mesg) Py_DECREF(old_str); Py_DECREF(value); } else { - PyErr_Format(PyExc_RuntimeError, mesg); + PyErr_SetString(PyExc_RuntimeError, mesg); } } @@ -1416,7 +1417,7 @@ PySwigObject_dealloc(PyObject *v) { PySwigObject *sobj = (PySwigObject *) v; PyObject *next = sobj->next; - if (sobj->own) { + if (sobj->own == SWIG_POINTER_OWN) { swig_type_info *ty = sobj->ty; PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0; PyObject *destroy = data ? data->destroy : 0; @@ -1434,12 +1435,13 @@ PySwigObject_dealloc(PyObject *v) res = ((*meth)(mself, v)); } Py_XDECREF(res); - } else { - const char *name = SWIG_TypePrettyName(ty); + } #if !defined(SWIG_PYTHON_SILENT_MEMLEAK) - printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name); -#endif + else { + const char *name = SWIG_TypePrettyName(ty); + printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown")); } +#endif } Py_XDECREF(next); PyObject_DEL(v); @@ -1944,7 +1946,7 @@ SWIG_Python_GetSwigThis(PyObject *pyobj) SWIGRUNTIME int SWIG_Python_AcquirePtr(PyObject *obj, int own) { - if (own) { + if (own == SWIG_POINTER_OWN) { PySwigObject *sobj = SWIG_Python_GetSwigThis(obj); if (sobj) { int oldown = sobj->own; @@ -1965,6 +1967,8 @@ SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int return SWIG_OK; } else { PySwigObject *sobj = SWIG_Python_GetSwigThis(obj); + if (own) + *own = 0; while (sobj) { void *vptr = sobj->ptr; if (ty) { @@ -1978,7 +1982,15 @@ SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int if (!tc) { sobj = (PySwigObject *)sobj->next; } else { - if (ptr) *ptr = SWIG_TypeCast(tc,vptr); + if (ptr) { + int newmemory = 0; + *ptr = SWIG_TypeCast(tc,vptr,&newmemory); + if (newmemory == SWIG_CAST_NEW_MEMORY) { + assert(own); + if (own) + *own = *own | SWIG_CAST_NEW_MEMORY; + } + } break; } } @@ -1988,7 +2000,8 @@ SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int } } if (sobj) { - if (own) *own = sobj->own; + if (own) + *own = *own | sobj->own; if (flags & SWIG_POINTER_DISOWN) { sobj->own = 0; } @@ -2053,8 +2066,13 @@ SWIG_Python_ConvertFunctionPtr(PyObject *obj, void **ptr, swig_type_info *ty) { } if (ty) { swig_cast_info *tc = SWIG_TypeCheck(desc,ty); - if (!tc) return SWIG_ERROR; - *ptr = SWIG_TypeCast(tc,vptr); + if (tc) { + int newmemory = 0; + *ptr = SWIG_TypeCast(tc,vptr,&newmemory); + assert(!newmemory); /* newmemory handling not yet implemented */ + } else { + return SWIG_ERROR; + } } else { *ptr = vptr; } @@ -2500,7 +2518,7 @@ static swig_module_info swig_module = {swig_types, 11, 0, 0, 0, 0}; #define SWIG_name "_tdb" -#define SWIGVERSION 0x010333 +#define SWIGVERSION 0x010335 #define SWIG_VERSION SWIGVERSION @@ -3753,7 +3771,7 @@ SWIGRUNTIME void SWIG_InitializeModule(void *clientdata) { size_t i; swig_module_info *module_head, *iter; - int found; + int found, init; clientdata = clientdata; @@ -3763,6 +3781,9 @@ SWIG_InitializeModule(void *clientdata) { swig_module.type_initial = swig_type_initial; swig_module.cast_initial = swig_cast_initial; swig_module.next = &swig_module; + init = 1; + } else { + init = 0; } /* Try and load any already created modules */ @@ -3791,6 +3812,12 @@ SWIG_InitializeModule(void *clientdata) { module_head->next = &swig_module; } + /* When multiple interpeters are used, a module could have already been initialized in + a different interpreter, but not yet have a pointer in this interpreter. + In this case, we do not want to continue adding types... everything should be + set up already */ + if (init == 0) return; + /* Now work on filling in swig_module.types */ #ifdef SWIGRUNTIME_DEBUG printf("SWIG_InitializeModule: size %d\n", swig_module.size); diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c index 614bd51d2a..860bd358d5 100644 --- a/source4/libcli/cldap/cldap.c +++ b/source4/libcli/cldap/cldap.c @@ -595,7 +595,6 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req, struct cldap_netlogon *io) { NTSTATUS status; - enum ndr_err_code ndr_err; struct cldap_search search; struct cldap_socket *cldap; DATA_BLOB *data; @@ -618,18 +617,15 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req, } data = search.out.response->attributes[0].values; - ndr_err = ndr_pull_union_blob_all(data, mem_ctx, - cldap->iconv_convenience, - &io->out.netlogon, - io->in.version & 0xF, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(2,("cldap failed to parse netlogon response of type 0x%02x\n", - SVAL(data->data, 0))); - dump_data(10, data->data, data->length); - return ndr_map_error2ntstatus(ndr_err); + status = pull_netlogon_samlogon_response(data, mem_ctx, req->cldap->iconv_convenience, + &io->out.netlogon); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (io->in.map_response) { + map_netlogon_samlogon_response(&io->out.netlogon); } - return NT_STATUS_OK; } @@ -704,25 +700,20 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, uint32_t message_id, struct socket_address *src, uint32_t version, - union nbt_cldap_netlogon *netlogon) + struct netlogon_samlogon_response *netlogon) { NTSTATUS status; - enum ndr_err_code ndr_err; struct cldap_reply reply; struct ldap_SearchResEntry response; struct ldap_Result result; TALLOC_CTX *tmp_ctx = talloc_new(cldap); DATA_BLOB blob; - ndr_err = ndr_push_union_blob(&blob, tmp_ctx, - cldap->iconv_convenience, - netlogon, version & 0xF, - (ndr_push_flags_fn_t)ndr_push_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); + status = push_netlogon_samlogon_response(&blob, tmp_ctx, cldap->iconv_convenience, + netlogon); + if (!NT_STATUS_IS_OK(status)) { + return status; } - reply.messageid = message_id; reply.dest = src; reply.response = &response; diff --git a/source4/libcli/cldap/cldap.h b/source4/libcli/cldap/cldap.h index eb0191d0f4..7c2daf0ca2 100644 --- a/source4/libcli/cldap/cldap.h +++ b/source4/libcli/cldap/cldap.h @@ -20,7 +20,7 @@ */ #include "lib/util/asn1.h" -#include "librpc/gen_ndr/nbt.h" +#include "libcli/netlogon.h" struct ldap_message; @@ -161,9 +161,10 @@ struct cldap_netlogon { const char *domain_sid; int acct_control; uint32_t version; + bool map_response; } in; struct { - union nbt_cldap_netlogon netlogon; + struct netlogon_samlogon_response netlogon; } out; }; @@ -178,4 +179,4 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, uint32_t message_id, struct socket_address *src, uint32_t version, - union nbt_cldap_netlogon *netlogon); + struct netlogon_samlogon_response *netlogon); diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 68d718abaf..f502091b07 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -57,6 +57,15 @@ LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclisrcdir)/nbt/, \ $(eval $(call proto_header_template,$(libclisrcdir)/nbt/nbt_proto.h,$(LIBCLI_NBT_OBJ_FILES:.o=.c))) +[SUBSYSTEM::LIBCLI_NETLOGON] +PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT \ + NDR_SECURITY LIBSAMBA-UTIL + +LIBCLI_NETLOGON_OBJ_FILES = $(addprefix libcli/, \ + netlogon.o) + +$(eval $(call proto_header_template,$(libclisrcdir)/netlogon_proto.h,$(LIBCLI_NETLOGON_OBJ_FILES:.o=.c))) + [PYTHON::python_libcli_nbt] SWIG_FILE = swig/libcli_nbt.i PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG @@ -70,18 +79,17 @@ PUBLIC_DEPENDENCIES = LIBCLI_SMB DYNCONFIG LIBSAMBA-HOSTCONFIG python_libcli_smb_OBJ_FILES = $(libclisrcdir)/swig/libcli_smb_wrap.o [SUBSYSTEM::LIBCLI_DGRAM] -PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE +PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE LIBCLI_NETLOGON LIBCLI_DGRAM_OBJ_FILES = $(addprefix $(libclisrcdir)/dgram/, \ dgramsocket.o \ mailslot.o \ netlogon.o \ - ntlogon.o \ browse.o) [SUBSYSTEM::LIBCLI_CLDAP] PUBLIC_DEPENDENCIES = LIBCLI_LDAP -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB +PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB LIBCLI_NETLOGON LIBCLI_CLDAP_OBJ_FILES = $(libclisrcdir)/cldap/cldap.o # PUBLIC_HEADERS += $(libclisrcdir)/cldap/cldap.h diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c index 06b7bd5771..2cdda654ef 100644 --- a/source4/libcli/dgram/dgramsocket.c +++ b/source4/libcli/dgram/dgramsocket.c @@ -88,7 +88,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock) struct dgram_mailslot_handler *dgmslot; dgmslot = dgram_mailslot_find(dgmsock, mailslot_name); if (dgmslot) { - dgmslot->handler(dgmslot, packet, src); + dgmslot->handler(dgmslot, packet, mailslot_name, src); } else { DEBUG(2,("No mailslot handler for '%s'\n", mailslot_name)); } diff --git a/source4/libcli/dgram/libdgram.h b/source4/libcli/dgram/libdgram.h index 707cca8cc5..51408d029e 100644 --- a/source4/libcli/dgram/libdgram.h +++ b/source4/libcli/dgram/libdgram.h @@ -19,7 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include "librpc/gen_ndr/nbt.h" +#include "libcli/netlogon.h" /* a datagram name request @@ -70,6 +70,7 @@ struct nbt_dgram_socket { typedef void (*dgram_mailslot_handler_t)(struct dgram_mailslot_handler *, struct nbt_dgram_packet *, + const char *mailslot_name, struct socket_address *src); struct dgram_mailslot_handler { @@ -121,33 +122,23 @@ NTSTATUS dgram_mailslot_send(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, struct socket_address *dest, + const char *mailslot_name, struct nbt_name *src_name, struct nbt_netlogon_packet *request); NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, struct nbt_dgram_packet *request, const char *my_netbios_name, const char *mailslot_name, - struct nbt_netlogon_packet *reply); -NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_netlogon_packet *netlogon); - -NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock, - enum dgram_msg_type msg_type, - struct nbt_name *dest_name, - struct socket_address *dest, - struct nbt_name *src_name, - struct nbt_ntlogon_packet *request); -NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock, - struct nbt_dgram_packet *request, - const char *my_netbios_name, - const char *mailslot_name, - struct nbt_ntlogon_packet *reply); -NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_ntlogon_packet *ntlogon); + struct nbt_netlogon_response *reply); +NTSTATUS dgram_mailslot_netlogon_parse_request(struct dgram_mailslot_handler *dgmslot, + TALLOC_CTX *mem_ctx, + struct nbt_dgram_packet *dgram, + struct nbt_netlogon_packet *netlogon); + +NTSTATUS dgram_mailslot_netlogon_parse_response(struct dgram_mailslot_handler *dgmslot, + TALLOC_CTX *mem_ctx, + struct nbt_dgram_packet *dgram, + struct nbt_netlogon_response *netlogon); NTSTATUS dgram_mailslot_browse_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, diff --git a/source4/libcli/dgram/netlogon.c b/source4/libcli/dgram/netlogon.c index 5c7dedc7bb..b37d4a2ee6 100644 --- a/source4/libcli/dgram/netlogon.c +++ b/source4/libcli/dgram/netlogon.c @@ -32,6 +32,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, struct socket_address *dest, + const char *mailslot, struct nbt_name *src_name, struct nbt_netlogon_packet *request) { @@ -51,7 +52,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, - NBT_MAILSLOT_NETLOGON, + mailslot, dest_name, dest, src_name, &blob); talloc_free(tmp_ctx); @@ -66,22 +67,18 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, struct nbt_dgram_packet *request, const char *my_netbios_name, const char *mailslot_name, - struct nbt_netlogon_packet *reply) + struct nbt_netlogon_response *reply) { NTSTATUS status; - enum ndr_err_code ndr_err; DATA_BLOB blob; TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); struct nbt_name myname; struct socket_address *dest; - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, - dgmsock->iconv_convenience, - reply, - (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); + status = push_nbt_netlogon_response(&blob, tmp_ctx, dgmsock->iconv_convenience, + reply); + if (!NT_STATUS_IS_OK(status)) { + return status; } make_nbt_name_client(&myname, my_netbios_name); @@ -106,10 +103,10 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, /* parse a netlogon response. The packet must be a valid mailslot packet */ -NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_netlogon_packet *netlogon) +NTSTATUS dgram_mailslot_netlogon_parse_request(struct dgram_mailslot_handler *dgmslot, + TALLOC_CTX *mem_ctx, + struct nbt_dgram_packet *dgram, + struct nbt_netlogon_packet *netlogon) { DATA_BLOB data = dgram_mailslot_data(dgram); enum ndr_err_code ndr_err; @@ -127,3 +124,23 @@ NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, } return NT_STATUS_OK; } + +/* + parse a netlogon response. The packet must be a valid mailslot packet +*/ +NTSTATUS dgram_mailslot_netlogon_parse_response(struct dgram_mailslot_handler *dgmslot, + TALLOC_CTX *mem_ctx, + struct nbt_dgram_packet *dgram, + struct nbt_netlogon_response *netlogon) +{ + NTSTATUS status; + DATA_BLOB data = dgram_mailslot_data(dgram); + + status = pull_nbt_netlogon_response(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return NT_STATUS_OK; +} + diff --git a/source4/libcli/dgram/ntlogon.c b/source4/libcli/dgram/ntlogon.c deleted file mode 100644 index 7b26ed7c00..0000000000 --- a/source4/libcli/dgram/ntlogon.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - handling for ntlogon dgram requests - - Copyright (C) Andrew Tridgell 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/dgram/libdgram.h" -#include "lib/socket/socket.h" -#include "libcli/resolve/resolve.h" -#include "librpc/gen_ndr/ndr_nbt.h" -#include "param/param.h" - -/* - send a ntlogon mailslot request -*/ -NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock, - enum dgram_msg_type msg_type, - struct nbt_name *dest_name, - struct socket_address *dest, - struct nbt_name *src_name, - struct nbt_ntlogon_packet *request) -{ - NTSTATUS status; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); - - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, - request, - (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } - - - status = dgram_mailslot_send(dgmsock, msg_type, - NBT_MAILSLOT_NTLOGON, - dest_name, dest, - src_name, &blob); - talloc_free(tmp_ctx); - return status; -} - - -/* - send a ntlogon mailslot reply -*/ -NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock, - struct nbt_dgram_packet *request, - const char *my_netbios_name, - const char *mailslot_name, - struct nbt_ntlogon_packet *reply) -{ - NTSTATUS status; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); - struct nbt_name myname; - struct socket_address *dest; - - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, reply, - (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } - - make_nbt_name_client(&myname, my_netbios_name); - - dest = socket_address_from_strings(tmp_ctx, - dgmsock->sock->backend_name, - request->src_addr, request->src_port); - if (!dest) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, - mailslot_name, - &request->data.msg.source_name, - dest, - &myname, &blob); - talloc_free(tmp_ctx); - return status; -} - - -/* - parse a ntlogon response. The packet must be a valid mailslot packet -*/ -NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_ntlogon_packet *ntlogon) -{ - DATA_BLOB data = dgram_mailslot_data(dgram); - enum ndr_err_code ndr_err; - - ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, ntlogon, - (ndr_pull_flags_fn_t)ndr_pull_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("Failed to parse ntlogon packet of length %d: %s\n", - (int)data.length, nt_errstr(status))); - if (DEBUGLVL(10)) { - file_save("ntlogon.dat", data.data, data.length); - } - return status; - } - return NT_STATUS_OK; -} diff --git a/source4/libcli/netlogon.c b/source4/libcli/netlogon.c new file mode 100644 index 0000000000..3ef7cf6335 --- /dev/null +++ b/source4/libcli/netlogon.c @@ -0,0 +1,311 @@ +/* parser auto-generated by pidl, then hand-modified by abartlet */ + +#include "includes.h" +#include "libcli/netlogon.h" + +_PUBLIC_ enum ndr_err_code ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_push *ndr, int ndr_flags, const struct NETLOGON_SAM_LOGON_RESPONSE_EX *r) +{ + { + uint32_t _flags_save_STRUCT = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_netlogon_command(ndr, NDR_SCALARS, r->command)); + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->sbz)); + NDR_CHECK(ndr_push_nbt_server_type(ndr, NDR_SCALARS, r->server_type)); + NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->domain_uuid)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->forest)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->dns_domain)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->pdc_dns_name)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->domain)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->pdc_name)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->user_name)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->server_site)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->client_site)); + if (r->nt_version & NETLOGON_NT_VERSION_5EX_WITH_IP) { + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, ndr_size_nbt_sockaddr(&r->sockaddr, ndr->flags))); + { + struct ndr_push *_ndr_sockaddr; + NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_sockaddr, 0, ndr_size_nbt_sockaddr(&r->sockaddr, ndr->flags))); + NDR_CHECK(ndr_push_nbt_sockaddr(_ndr_sockaddr, NDR_SCALARS|NDR_BUFFERS, &r->sockaddr)); + NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_sockaddr, 0, ndr_size_nbt_sockaddr(&r->sockaddr, ndr->flags))); + } + } + if (r->nt_version & NETLOGON_NT_VERSION_WITH_CLOSEST_SITE) { + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r->next_closest_site)); + } + NDR_CHECK(ndr_push_netlogon_nt_version_flags(ndr, NDR_SCALARS, r->nt_version)); + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lmnt_token)); + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lm20_token)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_GUID(ndr, NDR_BUFFERS, &r->domain_uuid)); + } + ndr->flags = _flags_save_STRUCT; + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_pull *ndr, int ndr_flags, struct NETLOGON_SAM_LOGON_RESPONSE_EX *r, + uint32_t nt_version_flags) +{ + { + uint32_t _flags_save_STRUCT = ndr->flags; + ZERO_STRUCTP(r); + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_netlogon_command(ndr, NDR_SCALARS, &r->command)); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->sbz)); + NDR_CHECK(ndr_pull_nbt_server_type(ndr, NDR_SCALARS, &r->server_type)); + NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->domain_uuid)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->forest)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->dns_domain)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->pdc_dns_name)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->domain)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->pdc_name)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->user_name)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->server_site)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->client_site)); + if (nt_version_flags & NETLOGON_NT_VERSION_5EX_WITH_IP) { + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sockaddr_size)); + { + struct ndr_pull *_ndr_sockaddr; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_sockaddr, 0, r->sockaddr_size)); + NDR_CHECK(ndr_pull_nbt_sockaddr(_ndr_sockaddr, NDR_SCALARS|NDR_BUFFERS, &r->sockaddr)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_sockaddr, 0, r->sockaddr_size)); + } + } + if (nt_version_flags & NETLOGON_NT_VERSION_WITH_CLOSEST_SITE) { + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, &r->next_closest_site)); + } + NDR_CHECK(ndr_pull_netlogon_nt_version_flags(ndr, NDR_SCALARS, &r->nt_version)); + if (r->nt_version != nt_version_flags) { + return NDR_ERR_VALIDATE; + } + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lmnt_token)); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm20_token)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_GUID(ndr, NDR_BUFFERS, &r->domain_uuid)); + } + ndr->flags = _flags_save_STRUCT; + } + return NDR_ERR_SUCCESS; +} + +NTSTATUS push_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, + struct netlogon_samlogon_response *response) +{ + enum ndr_err_code ndr_err; + if (response->ntver == NETLOGON_NT_VERSION_1) { + ndr_err = ndr_push_struct_blob(data, mem_ctx, + iconv_convenience, + &response->nt4, + (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_NT40); + } else if (response->ntver & NETLOGON_NT_VERSION_5EX) { + ndr_err = ndr_push_struct_blob(data, mem_ctx, + iconv_convenience, + &response->nt5_ex, + (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags); + } else if (response->ntver & NETLOGON_NT_VERSION_5) { + ndr_err = ndr_push_struct_blob(data, mem_ctx, + iconv_convenience, + &response->nt5, + (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE); + } else { + DEBUG(0, ("Asked to push unknown netlogon response type 0x%02x\n", response->ntver)); + return NT_STATUS_INVALID_PARAMETER; + } + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(2,("failed to push netlogon response of type 0x%02x\n", + response->ntver)); + return ndr_map_error2ntstatus(ndr_err); + } + return NT_STATUS_OK; +} + +NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, + struct netlogon_samlogon_response *response) +{ + uint32_t ntver; + enum ndr_err_code ndr_err; + + if (data->length < 8) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* lmnttoken */ + if (SVAL(data->data, data->length - 4) != 0xffff) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + /* lm20token */ + if (SVAL(data->data, data->length - 2) != 0xffff) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + ntver = IVAL(data->data, data->length - 8); + + if (ntver == NETLOGON_NT_VERSION_1) { + ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, + iconv_convenience, + &response->nt4, + (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_NT40); + response->ntver = NETLOGON_NT_VERSION_1; + } else if (ntver & NETLOGON_NT_VERSION_5EX) { + struct ndr_pull *ndr; + ndr = ndr_pull_init_blob(data, mem_ctx, iconv_convenience); + if (!ndr) { + return NT_STATUS_NO_MEMORY; + } + ndr_err = ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(ndr, NDR_SCALARS|NDR_BUFFERS, &response->nt5_ex, ntver); + if (ndr->offset < ndr->data_size) { + ndr_err = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES, + "not all bytes consumed ofs[%u] size[%u]", + ndr->offset, ndr->data_size); + } + response->ntver = NETLOGON_NT_VERSION_5EX; + + } else if (ntver & NETLOGON_NT_VERSION_5) { + ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, + iconv_convenience, + &response->nt5, + (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE); + response->ntver = NETLOGON_NT_VERSION_5; + } else { + DEBUG(2,("failed to parse netlogon response of type 0x%02x - unknown response type\n", + ntver)); + dump_data(10, data->data, data->length); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(2,("failed to parse netlogon response of type 0x%02x\n", + ntver)); + dump_data(10, data->data, data->length); + return ndr_map_error2ntstatus(ndr_err); + } + return NT_STATUS_OK; +} + +void map_netlogon_samlogon_response(struct netlogon_samlogon_response *response) +{ + struct NETLOGON_SAM_LOGON_RESPONSE_EX response_5_ex; + switch (response->ntver) { + case NETLOGON_NT_VERSION_5EX: + break; + case NETLOGON_NT_VERSION_5: + ZERO_STRUCT(response_5_ex); + response_5_ex.command = response->nt5.command; + response_5_ex.pdc_name = response->nt5.pdc_name; + response_5_ex.user_name = response->nt5.user_name; + response_5_ex.domain = response->nt5.domain_name; + response_5_ex.domain_uuid = response->nt5.domain_uuid; + response_5_ex.forest = response->nt5.forest; + response_5_ex.dns_domain = response->nt5.dns_domain; + response_5_ex.pdc_dns_name = response->nt5.pdc_dns_name; + response_5_ex.sockaddr.pdc_ip = response->nt5.pdc_ip; + response_5_ex.server_type = response->nt5.server_type; + response_5_ex.nt_version = response->nt5.nt_version; + response_5_ex.lmnt_token = response->nt5.lmnt_token; + response_5_ex.lm20_token = response->nt5.lm20_token; + response->ntver = NETLOGON_NT_VERSION_5EX; + response->nt5_ex = response_5_ex; + break; + + case NETLOGON_NT_VERSION_1: + ZERO_STRUCT(response_5_ex); + response_5_ex.command = response->nt4.command; + response_5_ex.pdc_name = response->nt4.server; + response_5_ex.user_name = response->nt4.user_name; + response_5_ex.domain = response->nt4.domain; + response_5_ex.nt_version = response->nt4.nt_version; + response_5_ex.lmnt_token = response->nt4.lmnt_token; + response_5_ex.lm20_token = response->nt4.lm20_token; + response->ntver = NETLOGON_NT_VERSION_5EX; + response->nt5_ex = response_5_ex; + break; + } + return; +} + +NTSTATUS push_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, + struct nbt_netlogon_response *response) +{ + NTSTATUS status = NT_STATUS_INVALID_NETWORK_RESPONSE; + enum ndr_err_code ndr_err; + switch (response->response_type) { + case NETLOGON_GET_PDC: + ndr_err = ndr_push_struct_blob(data, mem_ctx, iconv_convenience, &response->get_pdc, + (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_response_from_pdc); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("Failed to parse netlogon packet of length %d: %s\n", + (int)data->length, nt_errstr(status))); + if (DEBUGLVL(10)) { + file_save("netlogon.dat", data->data, data->length); + } + return status; + } + status = NT_STATUS_OK; + break; + case NETLOGON_SAMLOGON: + status = push_netlogon_samlogon_response(data, mem_ctx, iconv_convenience, &response->samlogon); + break; + } + return status; +} + + +NTSTATUS pull_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, + struct nbt_netlogon_response *response) +{ + NTSTATUS status = NT_STATUS_INVALID_NETWORK_RESPONSE; + enum netlogon_command command; + enum ndr_err_code ndr_err; + if (data->length < 4) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + command = SVAL(data->data, 0); + + switch (command) { + case NETLOGON_RESPONSE_FROM_PDC: + ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, iconv_convenience, &response->get_pdc, + (ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_response_from_pdc); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("Failed to parse netlogon packet of length %d: %s\n", + (int)data->length, nt_errstr(status))); + if (DEBUGLVL(10)) { + file_save("netlogon.dat", data->data, data->length); + } + return status; + } + status = NT_STATUS_OK; + response->response_type = NETLOGON_GET_PDC; + break; + case LOGON_SAM_LOGON_RESPONSE: + case LOGON_SAM_LOGON_PAUSE_RESPONSE: + case LOGON_SAM_LOGON_USER_UNKNOWN: + case LOGON_SAM_LOGON_RESPONSE_EX: + case LOGON_SAM_LOGON_PAUSE_RESPONSE_EX: + case LOGON_SAM_LOGON_USER_UNKNOWN_EX: + status = pull_netlogon_samlogon_response(data, mem_ctx, iconv_convenience, &response->samlogon); + response->response_type = NETLOGON_SAMLOGON; + break; + + /* These levels are queries, not responses */ + case LOGON_PRIMARY_QUERY: + case NETLOGON_ANNOUNCE_UAS: + case LOGON_SAM_LOGON_REQUEST: + status = NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + return status; + +} diff --git a/source4/libcli/netlogon.h b/source4/libcli/netlogon.h new file mode 100644 index 0000000000..b8615b55a5 --- /dev/null +++ b/source4/libcli/netlogon.h @@ -0,0 +1,53 @@ +/* + Unix SMB/CIFS implementation. + + CLDAP server structures + + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef __LIBCLI_NETLOGON_H__ +#define __LIBCLI_NETLOGON_H__ + +#include "librpc/gen_ndr/ndr_nbt.h" + +#include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "librpc/gen_ndr/ndr_svcctl.h" +#include "librpc/gen_ndr/ndr_samr.h" + +struct netlogon_samlogon_response +{ + uint32_t ntver; + union { + struct NETLOGON_SAM_LOGON_RESPONSE_NT40 nt4; + struct NETLOGON_SAM_LOGON_RESPONSE nt5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex; + }; + +}; + +struct nbt_netlogon_response +{ + enum {NETLOGON_GET_PDC, NETLOGON_SAMLOGON} response_type; + union { + struct nbt_netlogon_response_from_pdc get_pdc; + struct netlogon_samlogon_response samlogon; + }; +}; + +#include "libcli/netlogon_proto.h" +#endif /* __CLDAP_SERVER_PROTO_H__ */ diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index e8a5329985..1c4c1d0732 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -30,6 +30,7 @@ #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_security.h" +#include "librpc/gen_ndr/ndr_nbt.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "auth/gensec/gensec.h" #include "param/param.h" @@ -687,7 +688,7 @@ struct libnet_BecomeDC_state { struct { struct cldap_socket *sock; struct cldap_netlogon io; - struct nbt_cldap_netlogon_5 netlogon5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon; } cldap; struct becomeDC_ldap { @@ -745,7 +746,8 @@ static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s) s->cldap.io.in.domain_guid = NULL; s->cldap.io.in.domain_sid = NULL; s->cldap.io.in.acct_control = -1; - s->cldap.io.in.version = 6; + s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + s->cldap.io.in.map_response = true; s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, lp_iconv_convenience(s->libnet->lp_ctx)); @@ -768,19 +770,19 @@ static void becomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5; + s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; - s->domain.dns_name = s->cldap.netlogon5.dns_domain; - s->domain.netbios_name = s->cldap.netlogon5.domain; - s->domain.guid = s->cldap.netlogon5.domain_uuid; + s->domain.dns_name = s->cldap.netlogon.dns_domain; + s->domain.netbios_name = s->cldap.netlogon.domain; + s->domain.guid = s->cldap.netlogon.domain_uuid; - s->forest.dns_name = s->cldap.netlogon5.forest; + s->forest.dns_name = s->cldap.netlogon.forest; - s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name; - s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name; - s->source_dsa.site_name = s->cldap.netlogon5.server_site; + s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name; + s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name; + s->source_dsa.site_name = s->cldap.netlogon.server_site; - s->dest_dsa.site_name = s->cldap.netlogon5.client_site; + s->dest_dsa.site_name = s->cldap.netlogon.client_site; becomeDC_connect_ldap1(s); } diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index f39d9e039c..bb65de1f54 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -53,11 +53,12 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li search.in.dest_address = r->in.dest_address; search.in.dest_port = r->in.cldap_port; search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm)); status = cldap_netlogon(cldap, tmp_ctx, &search); - if (!NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { /* If cldap_netlogon() returns in error, default to using Default-First-Site-Name. @@ -71,7 +72,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li } } else { site_name_str = talloc_asprintf(tmp_ctx, "%s", - search.out.netlogon.logon5.client_site); + search.out.netlogon.nt5_ex.client_site); if (!site_name_str) { r->out.error_string = NULL; talloc_free(tmp_ctx); diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 6f06585880..cff919018a 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -193,7 +193,7 @@ struct libnet_UnbecomeDC_state { struct { struct cldap_socket *sock; struct cldap_netlogon io; - struct nbt_cldap_netlogon_5 netlogon5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon; } cldap; struct { @@ -265,7 +265,8 @@ static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s) s->cldap.io.in.domain_guid = NULL; s->cldap.io.in.domain_sid = NULL; s->cldap.io.in.acct_control = -1; - s->cldap.io.in.version = 6; + s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + s->cldap.io.in.map_response = true; s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, lp_iconv_convenience(s->libnet->lp_ctx)); @@ -288,17 +289,17 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5; + s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; - s->domain.dns_name = s->cldap.netlogon5.dns_domain; - s->domain.netbios_name = s->cldap.netlogon5.domain; - s->domain.guid = s->cldap.netlogon5.domain_uuid; + s->domain.dns_name = s->cldap.netlogon.dns_domain; + s->domain.netbios_name = s->cldap.netlogon.domain; + s->domain.guid = s->cldap.netlogon.domain_uuid; - s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name; - s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name; - s->source_dsa.site_name = s->cldap.netlogon5.server_site; + s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name; + s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name; + s->source_dsa.site_name = s->cldap.netlogon.server_site; - s->dest_dsa.site_name = s->cldap.netlogon5.client_site; + s->dest_dsa.site_name = s->cldap.netlogon.client_site; unbecomeDC_connect_ldap(s); } diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index b9f79a51e6..c2a8d536b2 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -332,7 +332,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT NDR_SCHANNEL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_schannel.o [SUBSYSTEM::NDR_NBT] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY +PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR NDR_NBT_OBJ_FILES = $(gen_ndrsrcdir)/ndr_nbt.o diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl index dddfa4e1ce..e6af2cd035 100644 --- a/source4/librpc/idl/nbt.idl +++ b/source4/librpc/idl/nbt.idl @@ -8,7 +8,7 @@ encoding if it doesn't work out */ -import "misc.idl", "security.idl", "svcctl.idl"; +import "misc.idl", "security.idl", "svcctl.idl", "samr.idl"; [ helper("libcli/nbt/libnbt.h") ] @@ -338,52 +338,19 @@ interface nbt } nbt_dgram_packet; - /*******************************************/ - /* \MAILSLOT\NET\NETLOGON mailslot requests */ - typedef enum { - NETLOGON_QUERY_FOR_PDC = 0x7, - NETLOGON_ANNOUNCE_UAS = 0xa, - NETLOGON_RESPONSE_FROM_PDC = 0xc, - NETLOGON_QUERY_FOR_PDC2 = 0x12, - NETLOGON_RESPONSE_FROM_PDC2 = 0x17, - NETLOGON_RESPONSE_FROM_PDC_USER = 0x19 - } nbt_netlogon_command; - - /* query for pdc request */ - typedef struct { - astring computer_name; - astring mailslot_name; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_name; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_query_for_pdc; - - /* query for pdc request - new style */ - typedef struct { - uint16 request_count; - nstring computer_name; - nstring user_name; - astring mailslot_name; - uint32 unknown[2]; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_query_for_pdc2; + /****************************************** + * \MAILSLOT\NET\NETLOGON mailslot requests + * and + * \MAILSLOT\NET\NTLOGON mailslot requests + */ - /* response from pdc */ - typedef struct { - astring pdc_name; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_pdc_name; - nstring domain_name; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_response_from_pdc; + typedef [public,gensize] struct { + uint32 sa_family; + [flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip; + [flag(NDR_REMAINING)] DATA_BLOB remaining; + } nbt_sockaddr; - typedef [bitmap32bit] bitmap { + typedef [bitmap32bit,public] bitmap { NBT_SERVER_PDC = 0x00000001, NBT_SERVER_GC = 0x00000004, NBT_SERVER_LDAP = 0x00000008, @@ -395,107 +362,82 @@ interface nbt NBT_SERVER_GOOD_TIMESERV = 0x00000200 } nbt_server_type; - /* response from pdc - type2 */ - typedef struct { - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - nbt_server_type server_type; - GUID domain_uuid; - nbt_string forest; - nbt_string dns_domain; - nbt_string pdc_dns_name; - nbt_string domain; - nbt_string pdc_name; - nbt_string user_name; - nbt_string server_site; - nbt_string client_site; - uint8 unknown; - uint32 unknown2; - [flag(NDR_BIG_ENDIAN)] - ipv4address pdc_ip; - uint32 unknown3[2]; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_response_from_pdc2; - - typedef enum netr_SamDatabaseID netr_SamDatabaseID; - - /* announce change to UAS or SAM */ - typedef struct { - netr_SamDatabaseID db_index; - hyper serial; - NTTIME timestamp; - } nbt_db_change; + typedef [bitmap32bit,public] bitmap { + NETLOGON_NT_VERSION_1 = 0x00000001, + NETLOGON_NT_VERSION_5 = 0x00000002, + NETLOGON_NT_VERSION_5EX = 0x00000004, + NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008, + NETLOGON_NT_VERSION_WITH_CLOSEST_SITE = 0x00000010, + NETLOGON_NT_VERSION_AVIOD_NT4EMUL = 0x01000000, + NETLOGON_NT_VERSION_PDC = 0x10000000, + NETLOGON_NT_VERSION_IP = 0x20000000, + NETLOGON_NT_VERSION_LOCAL = 0x40000000, + NETLOGON_NT_VERSION_GC = 0x80000000 + } netlogon_nt_version_flags; + + + typedef [enum16bit,public] enum { + LOGON_PRIMARY_QUERY = 7, /* Was also NETLOGON_QUERY_FOR_PDC */ + NETLOGON_ANNOUNCE_UAS = 10, + NETLOGON_RESPONSE_FROM_PDC = 12, + LOGON_SAM_LOGON_REQUEST = 18, /* Was also NETLOGON_QUERY_FOR_PDC2, NTLOGON_SAM_LOGON */ + LOGON_SAM_LOGON_RESPONSE = 19, /* Was also NTLOGON_SAM_LOGON_REPLY */ + LOGON_SAM_LOGON_PAUSE_RESPONSE = 20, + LOGON_SAM_LOGON_USER_UNKNOWN = 21, /* Was also NTLOGON_SAM_LOGON_REPLY15 */ + LOGON_SAM_LOGON_RESPONSE_EX = 23, /* was NETLOGON_RESPONSE_FROM_PDC2 */ + LOGON_SAM_LOGON_PAUSE_RESPONSE_EX = 24, + LOGON_SAM_LOGON_USER_UNKNOWN_EX = 25 /* was NETLOGON_RESPONSE_FROM_PDC_USER */ + } netlogon_command; + + typedef bitmap samr_AcctFlags samr_AcctFlags; - /* used to announce SAM changes */ typedef struct { - uint32 serial_lo; - time_t timestamp; - uint32 pulse; - uint32 random; - astring pdc_name; - astring domain; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_pdc_name; - nstring unicode_domain; - uint32 db_count; - nbt_db_change dbchange[db_count]; + uint16 request_count; + nstring computer_name; + nstring user_name; + astring mailslot_name; + samr_AcctFlags acct_control; [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; + /* Must not be present (ie, zero size, in request to \MAILSLOT\NET\NTLOGON */ [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_announce_uas; - - typedef [nodiscriminant] union { - [case(NETLOGON_QUERY_FOR_PDC)] nbt_netlogon_query_for_pdc pdc; - [case(NETLOGON_QUERY_FOR_PDC2)] nbt_netlogon_query_for_pdc2 pdc2; - [case(NETLOGON_ANNOUNCE_UAS)] nbt_netlogon_announce_uas uas; - [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response; - [case(NETLOGON_RESPONSE_FROM_PDC2)] nbt_netlogon_response_from_pdc2 response2; - [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2; - } nbt_netlogon_request; + netlogon_nt_version_flags nt_version; + uint16 lmnt_token; + uint16 lm20_token; + } NETLOGON_SAM_LOGON_REQUEST; typedef [flag(NDR_NOALIGN),public] struct { - nbt_netlogon_command command; - [switch_is(command)] nbt_netlogon_request req; - } nbt_netlogon_packet; - - /*******************************************/ - /* CLDAP netlogon response */ - - /* note that these structures are very similar to, but not - quite identical to, the netlogon structures above */ - - typedef struct { - uint16 type; - nstring pdc_name; + netlogon_command command; + nstring server; nstring user_name; - nstring domain_name; - [value(1)] uint32 nt_version; + nstring domain; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; - uint16 lm20_token; - } nbt_cldap_netlogon_1; + uint16 lm20_token; + } NETLOGON_SAM_LOGON_RESPONSE_NT40; - typedef struct { - uint16 type; + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; nstring pdc_name; nstring user_name; nstring domain_name; GUID domain_uuid; - GUID unknown_uuid; + GUID zero_uuid; nbt_string forest; nbt_string dns_domain; nbt_string pdc_dns_name; ipv4address pdc_ip; nbt_server_type server_type; - [value(3)] uint32 nt_version; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_cldap_netlogon_3; + } NETLOGON_SAM_LOGON_RESPONSE; - typedef struct { - uint32 type; + /* response from pdc hand marshaled (we have an additional + * function that uses this structure), as it has 'optional' + * parts */ + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; + uint16 sbz; /* From the docs */ nbt_server_type server_type; GUID domain_uuid; nbt_string forest; @@ -506,85 +448,91 @@ interface nbt nbt_string user_name; nbt_string server_site; nbt_string client_site; - [value(5)] uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_cldap_netlogon_5; - typedef struct { - uint32 type; - nbt_server_type server_type; - GUID domain_uuid; - nbt_string forest; - nbt_string dns_domain; - nbt_string pdc_dns_name; - nbt_string domain; - nbt_string pdc_name; - nbt_string user_name; - nbt_string server_site; - nbt_string client_site; - uint8 unknown; - uint32 unknown2; - [flag(NDR_BIG_ENDIAN)] - ipv4address pdc_ip; - uint32 unknown3[2]; - [value(13)] uint32 nt_version; + /* Optional on NETLOGON_NT_VERSION_5EX_WITH_IP */ + [value(ndr_size_nbt_sockaddr(&sockaddr, ndr->flags))] uint8 sockaddr_size; + [subcontext(0),subcontext_size(sockaddr_size)] nbt_sockaddr sockaddr; + + /* Optional on NETLOGON_NT_VERSION_WITH_CLOSEST_SITE */ + nbt_string next_closest_site; + + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_cldap_netlogon_13; - - typedef [flag(NDR_NOALIGN),public,nodiscriminant] union { - [case(0)] nbt_cldap_netlogon_1 logon1; - [case(1)] nbt_cldap_netlogon_1 logon1; - [case(2)] nbt_cldap_netlogon_3 logon3; - [case(3)] nbt_cldap_netlogon_3 logon3; - [case(4)] nbt_cldap_netlogon_5 logon5; - [case(5)] nbt_cldap_netlogon_5 logon5; - [case(6)] nbt_cldap_netlogon_5 logon5; - [case(7)] nbt_cldap_netlogon_5 logon5; - [default] nbt_cldap_netlogon_13 logon13; - } nbt_cldap_netlogon; - - /*******************************************/ - /* \MAILSLOT\NET\NTLOGON mailslot requests */ - typedef enum { - NTLOGON_SAM_LOGON = 0x12, - NTLOGON_SAM_LOGON_REPLY = 0x13, - NTLOGON_SAM_LOGON_REPLY15 = 0x15 - } nbt_ntlogon_command; + } NETLOGON_SAM_LOGON_RESPONSE_EX; + /* query for pdc request */ typedef struct { - uint16 request_count; - nstring computer_name; - nstring user_name; + astring computer_name; astring mailslot_name; - uint32 acct_control; - [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; - [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; - uint32 nt_version; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_name; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_ntlogon_sam_logon; + } nbt_netlogon_query_for_pdc; - typedef struct { - nstring server; - nstring user_name; - nstring domain; - uint32 nt_version; + /* response from pdc */ + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; + astring pdc_name; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_pdc_name; + nstring domain_name; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_ntlogon_sam_logon_reply; + } nbt_netlogon_response_from_pdc; + + typedef enum netr_SamDatabaseID netr_SamDatabaseID; + + /* used to announce SAM changes - MS-NRPC 2.2.1.5.1 */ + typedef struct { + netr_SamDatabaseID db_index; + hyper serial; + NTTIME timestamp; + } nbt_db_change_info; + + typedef struct { + uint32 serial_lo; + time_t timestamp; + uint32 pulse; + uint32 random; + astring pdc_name; + astring domain; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_pdc_name; + nstring unicode_domain; + uint32 db_count; + nbt_db_change_info dbchange[db_count]; + [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; + [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; + uint32 message_format_version; + uint32 message_token; + } NETLOGON_DB_CHANGE; typedef [nodiscriminant] union { - [case(NTLOGON_SAM_LOGON)] nbt_ntlogon_sam_logon logon; - [case(NTLOGON_SAM_LOGON_REPLY)] nbt_ntlogon_sam_logon_reply reply; - [case(NTLOGON_SAM_LOGON_REPLY15)] nbt_ntlogon_sam_logon_reply reply; - } nbt_ntlogon_request; + [case(LOGON_SAM_LOGON_REQUEST)] NETLOGON_SAM_LOGON_REQUEST logon; + [case(LOGON_PRIMARY_QUERY)] nbt_netlogon_query_for_pdc pdc; + [case(NETLOGON_ANNOUNCE_UAS)] NETLOGON_DB_CHANGE uas; + } nbt_netlogon_request; + +#if 0 + [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response; + [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2; + + [case(LOGON_SAM_LOGON_PAUSE_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_USER_UNKNOWN)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; + [case(LOGON_SAM_LOGON_PAUSE_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; + [case(LOGON_SAM_LOGON_USER_UNKNOWN_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; +#endif typedef [flag(NDR_NOALIGN),public] struct { - nbt_ntlogon_command command; - [switch_is(command)] nbt_ntlogon_request req; - } nbt_ntlogon_packet; + netlogon_command command; + [switch_is(command)] nbt_netlogon_request req; + } nbt_netlogon_packet; /********************************************************/ /* \MAILSLOT\BROWSE mailslot requests */ diff --git a/source4/nbt_server/config.mk b/source4/nbt_server/config.mk index bb5dec7661..b17fd4ce52 100644 --- a/source4/nbt_server/config.mk +++ b/source4/nbt_server/config.mk @@ -46,7 +46,7 @@ PRIVATE_DEPENDENCIES = \ # End SUBSYSTEM NBTD_DGRAM ####################### -NBTD_DGRAM_OBJ_FILES = $(addprefix $(nbt_serversrcdir)/dgram/, request.o netlogon.o ntlogon.o browse.o) +NBTD_DGRAM_OBJ_FILES = $(addprefix $(nbt_serversrcdir)/dgram/, request.o netlogon.o browse.o) $(eval $(call proto_header_template,$(nbt_serversrcdir)/dgram/proto.h,$(NBTD_DGRAM_OBJ_FILES:.o=.c))) diff --git a/source4/nbt_server/dgram/browse.c b/source4/nbt_server/dgram/browse.c index 2e12fa114a..36f0160e1b 100644 --- a/source4/nbt_server/dgram/browse.c +++ b/source4/nbt_server/dgram/browse.c @@ -49,6 +49,7 @@ static const char *nbt_browse_opcode_string(enum nbt_browse_opcode r) */ void nbtd_mailslot_browse_handler(struct dgram_mailslot_handler *dgmslot, struct nbt_dgram_packet *packet, + const char *mailslot_name, struct socket_address *src) { struct nbt_browse_packet *browse = talloc(dgmslot, struct nbt_browse_packet); diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index 7fae6bc1f6..c66089523b 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -4,7 +4,8 @@ NBT datagram netlogon server Copyright (C) Andrew Tridgell 2005 - + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or @@ -26,9 +27,10 @@ #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "util/util_ldb.h" -#include "librpc/gen_ndr/ndr_nbt.h" #include "param/param.h" #include "smbd/service_task.h" +#include "cldap_server/cldap_server.h" +#include "libcli/security/security.h" /* reply to a GETDC request @@ -36,17 +38,18 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, struct nbtd_interface *iface, struct nbt_dgram_packet *packet, + const char *mailslot_name, const struct socket_address *src, struct nbt_netlogon_packet *netlogon) { struct nbt_name *name = &packet->data.msg.dest_name; struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false); - struct nbt_netlogon_packet reply; struct nbt_netlogon_response_from_pdc *pdc; const char *ref_attrs[] = {"nETBIOSName", NULL}; struct ldb_message **ref_res; struct ldb_context *samctx; struct ldb_dn *partitions_basedn; + struct nbt_netlogon_response netlogon_response; int ret; /* only answer getdc requests on the PDC or LOGON names */ @@ -60,6 +63,11 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, return; } + if (!samdb_is_pdc(samctx)) { + DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n")); + return; + } + partitions_basedn = samdb_partitions_dn(samctx, packet); ret = gendb_search(samctx, packet, partitions_basedn, &ref_res, ref_attrs, @@ -72,10 +80,11 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, } /* setup a GETDC reply */ - ZERO_STRUCT(reply); - reply.command = NETLOGON_RESPONSE_FROM_PDC; - pdc = &reply.req.response; + ZERO_STRUCT(netlogon_response); + netlogon_response.response_type = NETLOGON_GET_PDC; + pdc = &netlogon_response.get_pdc; + pdc->command = NETLOGON_RESPONSE_FROM_PDC; pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx); pdc->unicode_pdc_name = pdc->pdc_name; pdc->domain_name = samdb_result_string(ref_res[0], "nETBIOSName", name->name);; @@ -83,38 +92,32 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, pdc->lmnt_token = 0xFFFF; pdc->lm20_token = 0xFFFF; - - packet->data.msg.dest_name.type = 0; - dgram_mailslot_netlogon_reply(reply_iface->dgmsock, packet, lp_netbios_name(iface->nbtsrv->task->lp_ctx), netlogon->req.pdc.mailslot_name, - &reply); + &netlogon_response); } /* reply to a ADS style GETDC request */ -static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot, - struct nbtd_interface *iface, - struct nbt_dgram_packet *packet, - const struct socket_address *src, - struct nbt_netlogon_packet *netlogon) +static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot, + struct nbtd_interface *iface, + struct nbt_dgram_packet *packet, + const char *mailslot_name, + const struct socket_address *src, + struct nbt_netlogon_packet *netlogon) { struct nbt_name *name = &packet->data.msg.dest_name; struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false); - struct nbt_netlogon_packet reply; - struct nbt_netlogon_response_from_pdc2 *pdc; struct ldb_context *samctx; - const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; - const char *dom_attrs[] = {"objectGUID", NULL}; - struct ldb_message **ref_res, **dom_res; - int ret; - const char **services = lp_server_services(iface->nbtsrv->task->lp_ctx); const char *my_ip = reply_iface->ip_address; - struct ldb_dn *partitions_basedn; + struct dom_sid *sid; + struct nbt_netlogon_response netlogon_response; + NTSTATUS status; + if (!my_ip) { DEBUG(0, ("Could not obtain own IP address for datagram socket\n")); return; @@ -131,90 +134,35 @@ static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot, return; } - partitions_basedn = samdb_partitions_dn(samctx, packet); - - ret = gendb_search(samctx, packet, partitions_basedn, &ref_res, ref_attrs, - "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", - name->name); - - if (ret != 1) { - DEBUG(2,("Unable to find domain reference '%s' in sam\n", name->name)); - return; + if (netlogon->req.logon.sid_size) { + if (strcasecmp(mailslot_name, NBT_MAILSLOT_NTLOGON) == 0) { + DEBUG(2,("NBT netlogon query failed because SID specified in request to NTLOGON\n")); + /* SID not permitted on NTLOGON (for some reason...) */ + return; + } + sid = &netlogon->req.logon.sid; + } else { + sid = NULL; } - /* try and find the domain */ - ret = gendb_search_dn(samctx, packet, - samdb_result_dn(samctx, samctx, ref_res[0], "ncName", NULL), - &dom_res, dom_attrs); - if (ret != 1) { - DEBUG(2,("Unable to find domain from reference '%s' in sam\n", - ldb_dn_get_linearized(ref_res[0]->dn))); + status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, + netlogon->req.logon.user_name, src->addr, + netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.samlogon); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n", + name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status))); return; } - /* setup a GETDC reply */ - ZERO_STRUCT(reply); - reply.command = NETLOGON_RESPONSE_FROM_PDC2; - -#if 0 - /* newer testing shows that the reply command type is not - changed based on whether a username is given in the - reply. This was what was causing the w2k join to be so - slow */ - if (netlogon->req.pdc2.user_name[0]) { - reply.command = NETLOGON_RESPONSE_FROM_PDC_USER; - } -#endif - - pdc = &reply.req.response2; - - /* TODO: accurately depict which services we are running */ - pdc->server_type = - NBT_SERVER_PDC | NBT_SERVER_GC | - NBT_SERVER_DS | NBT_SERVER_TIMESERV | - NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | - NBT_SERVER_GOOD_TIMESERV; - - /* hmm, probably a better way to do this */ - if (str_list_check(services, "ldap")) { - pdc->server_type |= NBT_SERVER_LDAP; - } - - if (str_list_check(services, "kdc")) { - pdc->server_type |= NBT_SERVER_KDC; - } - - pdc->domain_uuid = samdb_result_guid(dom_res[0], "objectGUID"); - pdc->forest = samdb_result_string(ref_res[0], "dnsRoot", - lp_realm(iface->nbtsrv->task->lp_ctx)); - pdc->dns_domain = samdb_result_string(ref_res[0], "dnsRoot", - lp_realm(iface->nbtsrv->task->lp_ctx)); - - /* TODO: get our full DNS name from somewhere else */ - pdc->pdc_dns_name = talloc_asprintf(packet, "%s.%s", - strlower_talloc(packet, - lp_netbios_name(iface->nbtsrv->task->lp_ctx)), - pdc->dns_domain); - pdc->domain = samdb_result_string(ref_res[0], "nETBIOSName", name->name);; - pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx); - pdc->user_name = netlogon->req.pdc2.user_name; - /* TODO: we need to make sure these are in our DNS zone */ - pdc->server_site = "Default-First-Site-Name"; - pdc->client_site = "Default-First-Site-Name"; - pdc->unknown = 0x10; /* what is this? */ - pdc->unknown2 = 2; /* and this ... */ - pdc->pdc_ip = my_ip; - pdc->nt_version = 13; - pdc->lmnt_token = 0xFFFF; - pdc->lm20_token = 0xFFFF; + netlogon_response.response_type = NETLOGON_SAMLOGON; packet->data.msg.dest_name.type = 0; dgram_mailslot_netlogon_reply(reply_iface->dgmsock, packet, lp_netbios_name(iface->nbtsrv->task->lp_ctx), - netlogon->req.pdc2.mailslot_name, - &reply); + netlogon->req.logon.mailslot_name, + &netlogon_response); } @@ -223,6 +171,7 @@ static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot, */ void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct nbt_dgram_packet *packet, + const char *mailslot_name, struct socket_address *src) { NTSTATUS status = NT_STATUS_NO_MEMORY; @@ -246,15 +195,17 @@ void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot, DEBUG(2,("netlogon request to %s from %s:%d\n", nbt_name_string(netlogon, name), src->addr, src->port)); - status = dgram_mailslot_netlogon_parse(dgmslot, netlogon, packet, netlogon); + status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon); if (!NT_STATUS_IS_OK(status)) goto failed; switch (netlogon->command) { - case NETLOGON_QUERY_FOR_PDC: - nbtd_netlogon_getdc(dgmslot, iface, packet, src, netlogon); + case LOGON_PRIMARY_QUERY: + nbtd_netlogon_getdc(dgmslot, iface, packet, mailslot_name, + src, netlogon); break; - case NETLOGON_QUERY_FOR_PDC2: - nbtd_netlogon_getdc2(dgmslot, iface, packet, src, netlogon); + case LOGON_SAM_LOGON_REQUEST: + nbtd_netlogon_samlogon(dgmslot, iface, packet, mailslot_name, + src, netlogon); break; default: DEBUG(2,("unknown netlogon op %d from %s:%d\n", diff --git a/source4/nbt_server/dgram/request.c b/source4/nbt_server/dgram/request.c index 205a544209..277b64741d 100644 --- a/source4/nbt_server/dgram/request.c +++ b/source4/nbt_server/dgram/request.c @@ -35,8 +35,10 @@ static const struct { const char *mailslot_name; dgram_mailslot_handler_t handler; } mailslot_handlers[] = { + /* Handle both NTLOGON and NETLOGON in the same function, as + * they are very similar */ { NBT_MAILSLOT_NETLOGON, nbtd_mailslot_netlogon_handler }, - { NBT_MAILSLOT_NTLOGON, nbtd_mailslot_ntlogon_handler }, + { NBT_MAILSLOT_NTLOGON, nbtd_mailslot_netlogon_handler }, { NBT_MAILSLOT_BROWSE, nbtd_mailslot_browse_handler } }; diff --git a/source4/nbt_server/irpc.c b/source4/nbt_server/irpc.c index 8f2f7fc2c2..3a70c98041 100644 --- a/source4/nbt_server/irpc.c +++ b/source4/nbt_server/irpc.c @@ -49,7 +49,7 @@ static NTSTATUS nbtd_information(struct irpc_message *msg, /* - winbind needs to be able to do a getdc request, but some windows + winbind needs to be able to do a getdc request, but most (all?) windows servers always send the reply to port 138, regardless of the request port. To cope with this we use a irpc request to the NBT server which has port 138 open, and thus can receive the replies @@ -59,55 +59,48 @@ struct getdc_state { struct nbtd_getdcname *req; }; -static void getdc_recv_ntlogon_reply(struct dgram_mailslot_handler *dgmslot, - struct nbt_dgram_packet *packet, - struct socket_address *src) +static void getdc_recv_netlogon_reply(struct dgram_mailslot_handler *dgmslot, + struct nbt_dgram_packet *packet, + const char *mailslot_name, + struct socket_address *src) { struct getdc_state *s = talloc_get_type(dgmslot->private, struct getdc_state); - - struct nbt_ntlogon_packet ntlogon; + const char *p; + struct nbt_netlogon_response netlogon; NTSTATUS status; - status = dgram_mailslot_ntlogon_parse(dgmslot, packet, packet, - &ntlogon); + status = dgram_mailslot_netlogon_parse_response(dgmslot, packet, packet, + &netlogon); if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("dgram_mailslot_ntlogon_parse failed: %s\n", nt_errstr(status))); goto done; } + /* We asked for version 1 only */ + if (netlogon.response_type == NETLOGON_SAMLOGON + && netlogon.samlogon.ntver != NETLOGON_NT_VERSION_1) { + status = NT_STATUS_INVALID_NETWORK_RESPONSE; + goto done; + } + status = NT_STATUS_NO_LOGON_SERVERS; - DEBUG(10, ("reply: command=%d\n", ntlogon.command)); + p = netlogon.samlogon.nt4.server; - switch (ntlogon.command) { - case NTLOGON_SAM_LOGON: - DEBUG(0, ("Huh -- got NTLOGON_SAM_LOGON as reply\n")); - break; - case NTLOGON_SAM_LOGON_REPLY: - case NTLOGON_SAM_LOGON_REPLY15: { - const char *p = ntlogon.req.reply.server; - - DEBUG(10, ("NTLOGON_SAM_LOGON_REPLY: server: %s, user: %s, " - "domain: %s\n", p, ntlogon.req.reply.user_name, - ntlogon.req.reply.domain)); - - if (*p == '\\') p += 1; - if (*p == '\\') p += 1; - - s->req->out.dcname = talloc_strdup(s->req, p); - if (s->req->out.dcname == NULL) { - DEBUG(0, ("talloc failed\n")); - status = NT_STATUS_NO_MEMORY; - goto done; - } - status = NT_STATUS_OK; - break; - } - default: - DEBUG(0, ("Got unknown packet: %d\n", ntlogon.command)); - break; + DEBUG(10, ("NTLOGON_SAM_LOGON_REPLY: server: %s, user: %s, " + "domain: %s\n", p, netlogon.samlogon.nt4.user_name, + netlogon.samlogon.nt4.domain)); + + if (*p == '\\') p += 1; + if (*p == '\\') p += 1; + + s->req->out.dcname = talloc_strdup(s->req, p); + if (s->req->out.dcname == NULL) { + DEBUG(0, ("talloc failed\n")); + status = NT_STATUS_NO_MEMORY; + goto done; } done: @@ -121,8 +114,8 @@ static NTSTATUS nbtd_getdcname(struct irpc_message *msg, talloc_get_type(msg->private, struct nbtd_server); struct nbtd_interface *iface = nbtd_find_request_iface(server, req->in.ip_address, true); struct getdc_state *s; - struct nbt_ntlogon_packet p; - struct nbt_ntlogon_sam_logon *r; + struct nbt_netlogon_packet p; + struct NETLOGON_SAM_LOGON_REQUEST *r; struct nbt_name src, dst; struct socket_address *dest; struct dgram_mailslot_handler *handler; @@ -137,11 +130,11 @@ static NTSTATUS nbtd_getdcname(struct irpc_message *msg, s->req = req; handler = dgram_mailslot_temp(iface->dgmsock, NBT_MAILSLOT_GETDC, - getdc_recv_ntlogon_reply, s); + getdc_recv_netlogon_reply, s); NT_STATUS_HAVE_NO_MEMORY(handler); ZERO_STRUCT(p); - p.command = NTLOGON_SAM_LOGON; + p.command = LOGON_SAM_LOGON_REQUEST; r = &p.req.logon; r->request_count = 0; r->computer_name = req->in.my_computername; @@ -149,7 +142,7 @@ static NTSTATUS nbtd_getdcname(struct irpc_message *msg, r->mailslot_name = handler->mailslot_name; r->acct_control = req->in.account_control; r->sid = *req->in.domain_sid; - r->nt_version = 1; + r->nt_version = NETLOGON_NT_VERSION_1; r->lmnt_token = 0xffff; r->lm20_token = 0xffff; @@ -160,9 +153,10 @@ static NTSTATUS nbtd_getdcname(struct irpc_message *msg, req->in.ip_address, 138); NT_STATUS_HAVE_NO_MEMORY(dest); - status = dgram_mailslot_ntlogon_send(iface->dgmsock, DGRAM_DIRECT_GROUP, - &dst, dest, - &src, &p); + status = dgram_mailslot_netlogon_send(iface->dgmsock, + &dst, dest, + NBT_MAILSLOT_NETLOGON, + &src, &p); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("dgram_mailslot_ntlogon_send failed: %s\n", nt_errstr(status))); diff --git a/source4/setup/provision-backend.js b/source4/setup/provision-backend.js deleted file mode 100644 index 9482d8c435..0000000000 --- a/source4/setup/provision-backend.js +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - provision a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL version 3 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'realm=s', - 'host-name=s', - 'ldap-manager-pass=s', - 'root=s', - 'quiet', - 'ldap-backend-type=s', - 'ldap-backend-port=i'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -sys = sys_init(); - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 provisioning - -provision [options] - --realm REALM set realm - --host-name HOSTNAME set hostname - --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) - --root USERNAME choose 'root' unix username - --quiet Be quiet - --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure - --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only) -You must provide at least a realm and ldap-backend-type - -"); - exit(1); -} - -if (options['host-name'] == undefined) { - options['host-name'] = hostname(); -} - -/* - main program -*/ -if (options["realm"] == undefined || - options["ldap-backend-type"] == undefined || - options["host-name"] == undefined) { - ShowHelp(); -} - -/* cope with an initially blank smb.conf */ -var lp = loadparm_init(); -lp.set("realm", options.realm); -lp.reload(); - -var subobj = provision_guess(); -for (r in options) { - var key = strupper(join("", split("-", r))); - subobj[key] = options[r]; -} - - - -var paths = provision_default_paths(subobj); -provision_fix_subobj(subobj, paths); -message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); -message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS); -var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; -sys.mkdir(subobj.LDAPDIR, 0700); - -provision_schema(subobj, message, tmp_schema_ldb, paths); - -var mapping; -var backend_schema; -var slapd_command; -if (options["ldap-backend-type"] == "fedora-ds") { - mapping = "schema-map-fedora-ds-1.0"; - backend_schema = "99_ad.ldif"; - if (options["ldap-backend-port"] != undefined) { - message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); - subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; - } else { - message("Will listen on LDAPI only\n"); - subobj.SERVERPORT=""; - } - setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); - setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); - - slapd_command = "(see documentation)"; -} else if (options["ldap-backend-type"] == "openldap") { - mapping = "schema-map-openldap-2.3"; - backend_schema = "backend-schema.schema"; - setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); - setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); - sys.mkdir(subobj.LDAPDIR + "/db", 0700); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - if (options["ldap-backend-port"] != undefined) { - message("\nStart slapd with: \n"); - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\""; - } else { - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; - } - - var ldb = ldb_init(); - ldb.filename = tmp_schema_ldb; - - var connect_ok = ldb.connect(ldb.filename); - assert(connect_ok); - var attrs = new Array("linkID", "lDAPDisplayName"); - var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); - assert(res.error == 0); - var memberof_config = ""; - var refint_attributes = ""; - for (i=0; i < res.msgs.length; i++) { - var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); - if (target != undefined) { - refint_attributes = refint_attributes + " " + target + " " + res.msgs[i].lDAPDisplayName; - memberof_config = memberof_config + "overlay memberof -memberof-dangling error -memberof-refint TRUE -memberof-group-oc top -memberof-member-ad " + res.msgs[i].lDAPDisplayName + " -memberof-memberof-ad " + target + " -memberof-dangling-error 32 - -"; - } - } - - memberof_config = memberof_config + " -overlay refint -refint_attributes" + refint_attributes + " -"; - - ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); - if (!ok) { - message("failed to create file: " + f + "\n"); - assert(ok); - } - -} -var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; - -message("\nCreate a suitable schema file with:\n%s\n", schema_command); -message("\nStart slapd with: \n%s\n", slapd_command); - -message("All OK\n"); -return 0; diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index ca4d9b7705..a77920d4e6 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -41,7 +41,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) struct cldap_socket *cldap; NTSTATUS status; struct cldap_netlogon search, empty_search; - union nbt_cldap_netlogon n1; + struct netlogon_samlogon_response n1; struct GUID guid; int i; @@ -51,7 +51,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.dest_address = dest; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; empty_search = search; @@ -63,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) n1 = search.out.netlogon; search.in.user = "Administrator"; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); @@ -82,7 +83,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_OK); } - search.in.version = 0x20000006; + search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP; + status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); @@ -91,8 +93,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -100,10 +102,10 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); @@ -112,8 +114,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); printf("Trying with User=Administrator\n"); @@ -121,16 +123,18 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN); + + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; printf("Trying with a GUID\n"); search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid); printf("Trying with a incorrect GUID\n"); guid = GUID_random(); @@ -141,15 +145,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a AAC\n"); search.in.acct_control = 0x180; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a bad AAC\n"); search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); @@ -158,15 +162,16 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = "Administrator"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); printf("Trying with just a bad domain\n"); search = empty_search; @@ -175,29 +180,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); return true; } diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index a3585896eb..ce5758977d 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -39,23 +39,22 @@ */ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct nbt_dgram_packet *packet, + const char *mailslot_name, struct socket_address *src) { NTSTATUS status; - struct nbt_netlogon_packet netlogon; + struct nbt_netlogon_response netlogon; int *replies = (int *)dgmslot->private; printf("netlogon reply from %s:%d\n", src->addr, src->port); - status = dgram_mailslot_netlogon_parse(dgmslot, dgmslot, packet, &netlogon); + status = dgram_mailslot_netlogon_parse_response(dgmslot, dgmslot, packet, &netlogon); if (!NT_STATUS_IS_OK(status)) { printf("Failed to parse netlogon packet from %s:%d\n", src->addr, src->port); return; } - NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon); - (*replies)++; } @@ -101,7 +100,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -117,7 +116,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC; + logon.command = LOGON_PRIMARY_QUERY; logon.req.pdc.computer_name = TEST_NAME; logon.req.pdc.mailslot_name = dgmslot->mailslot_name; logon.req.pdc.unicode_name = TEST_NAME; @@ -132,6 +131,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -163,6 +163,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) struct nbt_name name; struct interface *ifaces; + struct test_join *join_ctx; + struct cli_credentials *machine_credentials; + const struct dom_sid *dom_sid; name.name = lp_workgroup(tctx->lp_ctx); name.type = NBT_NAME_LOGON; @@ -200,14 +203,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC2; - logon.req.pdc2.request_count = 0; - logon.req.pdc2.computer_name = TEST_NAME; - logon.req.pdc2.user_name = ""; - logon.req.pdc2.mailslot_name = dgmslot->mailslot_name; - logon.req.pdc2.nt_version = 11; - logon.req.pdc2.lmnt_token = 0xFFFF; - logon.req.pdc2.lm20_token = 0xFFFF; + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = ""; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.nt_version = 11; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; make_nbt_name_client(&myname, TEST_NAME); @@ -216,6 +219,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -223,33 +227,64 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) event_loop_once(dgmsock->event_ctx); } - return true; -} + ZERO_STRUCT(logon); + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = TEST_NAME"$"; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.nt_version = 1; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; + make_nbt_name_client(&myname, TEST_NAME); -/* - reply handler for ntlogon request -*/ -static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, - struct nbt_dgram_packet *packet, - struct socket_address *src) -{ - NTSTATUS status; - struct nbt_ntlogon_packet ntlogon; - int *replies = (int *)dgmslot->private; + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); - printf("ntlogon reply from %s:%d\n", src->addr, src->port); + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); - status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to parse ntlogon packet from %s:%d\n", - src->addr, src->port); - return; + while (timeval_elapsed(&tv) < 5 && replies == 0) { + event_loop_once(dgmsock->event_ctx); } - NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon); + join_ctx = torture_join_domain(tctx, TEST_NAME, + ACB_WSTRUST, &machine_credentials); - (*replies)++; + dom_sid = torture_join_sid(join_ctx); + + ZERO_STRUCT(logon); + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = TEST_NAME"$"; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.sid = *dom_sid; + logon.req.logon.nt_version = 1; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; + + make_nbt_name_client(&myname, TEST_NAME); + + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); + + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); + + while (timeval_elapsed(&tv) < 5 && replies == 0) { + event_loop_once(dgmsock->event_ctx); + } + + torture_leave_domain(join_ctx); + return true; } @@ -262,10 +297,9 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) struct socket_address *dest; struct test_join *join_ctx; struct cli_credentials *machine_credentials; - const struct dom_sid *dom_sid; const char *myaddress; - struct nbt_ntlogon_packet logon; + struct nbt_netlogon_packet logon; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); @@ -296,7 +330,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -313,21 +347,19 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) talloc_asprintf(tctx, "Failed to join domain %s as %s\n", lp_workgroup(tctx->lp_ctx), TEST_NAME)); - dom_sid = torture_join_sid(join_ctx); - /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - ntlogon_handler, &replies); + netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NTLOGON_SAM_LOGON; + logon.command = LOGON_SAM_LOGON_REQUEST; logon.req.logon.request_count = 0; logon.req.logon.computer_name = TEST_NAME; logon.req.logon.user_name = TEST_NAME"$"; logon.req.logon.mailslot_name = dgmslot->mailslot_name; logon.req.logon.acct_control = ACB_WSTRUST; - logon.req.logon.sid = *dom_sid; + /* Leave sid as all zero */ logon.req.logon.nt_version = 1; logon.req.logon.lmnt_token = 0xFFFF; logon.req.logon.lm20_token = 0xFFFF; @@ -337,8 +369,34 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, address, lp_dgram_port(tctx->lp_ctx)); torture_assert(tctx, dest != NULL, "Error getting address"); - status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE, - &name, dest, &myname, &logon); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); + + while (timeval_elapsed(&tv) < 5 && replies == 0) { + event_loop_once(dgmsock->event_ctx); + } + + ZERO_STRUCT(logon); + logon.command = LOGON_PRIMARY_QUERY; + logon.req.pdc.computer_name = TEST_NAME; + logon.req.pdc.mailslot_name = dgmslot->mailslot_name; + logon.req.pdc.unicode_name = TEST_NAME; + logon.req.pdc.nt_version = 1; + logon.req.pdc.lmnt_token = 0xFFFF; + logon.req.pdc.lm20_token = 0xFFFF; + + make_nbt_name_client(&myname, TEST_NAME); + + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); while (timeval_elapsed(&tv) < 5 && replies == 0) { diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index 00617f4072..989a1faf27 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) search.in.dest_address = ctx->drsuapi_binding->host; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; status = cldap_netlogon(cldap, ctx, &search); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); } return ret; |